Description

Apache Solr select handler allows remote attackers to interact with internal network resources via Server Side Request Forgery (SSRF). Consult Web References for more information about this problem.

Remediation

Upgrade to Apache Solr 7.7.0 or later.

References

CVE-2017-3164

SSRF bible. Cheatsheet

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6905)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-41927)

ColdFusion JNDI injection RCE

Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-2227)

Oracle Application Server CVE-2009-1976 Vulnerability (CVE-2009-1976)

Severity

Medium

Classification

CVE-2017-3164 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities Acumonitor SSRF