CVE-2017-3164

HIGH

Apache Solr <= 7.6.0 - SSRF (shards parameter)

Title source: rule

Description

Server Side Request Forgery (SSRF, CWE-918) in Apache Solr, versions 1.3 through 7.6 (inclusive). Because the "shards" parameter of a distributed search request has no corresponding whitelist mechanism, a remote attacker with network access to the Solr HTTP API can make Solr issue an HTTP GET request to any URL reachable from the Solr host, including internal services that the attacker cannot reach directly. Solr 7.7.0 added a shards whitelist ("shardsWhitelist" in the shard handler factory configuration in solr.xml, or the "solr.shardsWhitelist" system property); earlier versions have no in-product control, so they must be upgraded or shielded by restricting network access to Solr and filtering the "shards" parameter at a reverse proxy.
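The check below is an added example for this advisory, not code from the Solr project or from the linked PoC. It shows the shape of the abuse: a "shards" value is a comma-separated list of host:port/path targets (with "|" separating replicas of one shard, and the scheme usually omitted because Solr prepends http://), so an unexpected host in that list is a request Solr will make on the attacker's behalf. The script extracts those targets from request log lines and reports any not on a per-deployment allowlist. The allowlist hosts and the "ip method request-target status" log layout are assumptions, and the log lines are constructed for illustration.

```python
"""Flag Solr requests whose ``shards`` parameter points outside the cluster.

Added example for CVE-2017-3164; not Solr code. The allowlist and the log line
layout are assumptions, and SAMPLE_LOG is constructed, not captured traffic.
"""
from urllib.parse import urlsplit, parse_qs

# Hosts that legitimately appear in ``shards`` for this deployment (assumed).
DEFAULT_ALLOWLIST = {"solr-node1:8983", "solr-node2:8983", "localhost:8983"}

# Constructed request log lines: ``<client-ip> <method> <request-target> <status>``.
SAMPLE_LOG = [
    "10.0.0.7 GET /solr/products/select?q=*:*&shards=solr-node1:8983/solr/products,solr-node2:8983/solr/products 200",
    "198.51.100.23 GET /solr/products/select?q=*:*&shards=169.254.169.254/latest/meta-data/ 200",
    "198.51.100.23 GET /solr/products/select?q=test&shards=http%3A%2F%2F203.0.113.5%3A8080%2Fcollect 500",
    "10.0.0.8 GET /solr/products/select?q=*:*&rows=10 200",
]


def shard_targets(shards_value):
    """Split a ``shards`` value into the host[:port] of every target it names.

    Entries are separated by ``,`` (one per shard) and ``|`` (replicas of the
    same shard). Solr prepends http:// when no scheme is given, so both bare
    ``host:port/path`` and full URLs are normalised to their network location.
    """
    targets = []
    for shard in shards_value.split(","):
        for replica in shard.split("|"):
            replica = replica.strip()
            if not replica:
                continue
            if "://" not in replica:
                replica = "http://" + replica
            netloc = urlsplit(replica).netloc.lower()
            if netloc:
                targets.append(netloc)
    return targets


def external_shards(request_target, allowlist=DEFAULT_ALLOWLIST):
    """Return shard targets in a request's query string that are not allowlisted.

    parse_qs percent-decodes values, so an encoded scheme or port is handled.
    """
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    hits = []
    for value in query.get("shards", []):
        hits.extend(t for t in shard_targets(value) if t not in allowlist)
    return hits


def scan_log(lines, allowlist=DEFAULT_ALLOWLIST):
    """Return (client_ip, [external targets]) for every line that abuses ``shards``."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # not in the assumed layout; skip rather than guess
        client_ip, _method, target = parts[0], parts[1], parts[2]
        hits = external_shards(target, allowlist)
        if hits:
            findings.append((client_ip, hits))
    return findings


if __name__ == "__main__":
    for client_ip, hits in scan_log(SAMPLE_LOG):
        print(f"{client_ip} requested non-cluster shards: {', '.join(hits)}")
```

On an unpatched instance the only thing that stops such a request is network reachability from the Solr host, so an empty allowlist hit list in the logs is evidence of absence of attempts, not of the fix; the parameter still has to be blocked at a proxy or the instance upgraded to 7.7.0 or later with the shards whitelist configured.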

Exploits (1)

nomisec writeup (2 stars), by tdwyer, PoC:
https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262


Scores

CVSS v3 7.5
EPSS 0.5954
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-918
Status published
Products (2)
apache/solr 1.3.0 - 7.6.0 (inclusive)
org.apache.solr/solr-core 1.3.0 - 7.7.0 (Maven; fixed in 7.7.0)
Published Mar 08, 2019
Tracked Since Feb 18, 2026