Description

Apache Solr is the popular, blazing fast open source enterprise search platform from the Apache Lucene project. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geo-spatial search. Solr is highly scalable, providing distributed search and index replication, and it powers the search and navigation features of many of the world's largest internet sites.

Acunetix discovered that is possible to access the Solr Admin page. This page should not be accessible on a production website as it may give an attacker access to sensitive information about the affected system.

Remediation

Disable external access to the Apache Solr service.

References

Apache Solr

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-5000)

Unicode Transformation (Best-Fit Mapping)

WordPress Plugin GlotPress Information Disclosure (2.2.1)

SAP weak/predictable user credentials

Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure