Description

Apache Solr is an open source enterprise search platform from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, dynamic clustering, and document parsing.

The web application does not URL encode the user input when making a HTTP request to the Apache Solr web interface. This allows an attacker to inject additional query parameters to the Apache Solr web interface.

Remediation

URL encode the user input when making a HTTP request to the Apache Solr web interface.

References

Apache Solr Injection Research

Related Vulnerabilities

Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson

SOAP WS-Addressing SSRF

Deserialization of Untrusted Data (Java Object Deserialization)

Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)

ColdFusion AMF Deserialization RCE

Severity

Medium

Classification

CWE-88 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

HTTP Parameter Pollution Acumonitor