CVE-2017-3164

HIGH

Apache Solr 1.3.0-7.6.0 - Server-Side Request Forgery via Shards Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-3164. PoCs published by tdwyer.

AI-analyzed exploit summary: This repository provides a detailed writeup and explanation of exploits for CVE-2017-3164 (SSRF) and CVE-2017-12629 (RCE) in Apache Solr. It describes how these vulnerabilities can be exploited but does not include actual exploit code.

Description

Server-Side Request Forgery in Apache Solr, versions 1.3 through 7.6 (inclusive). Because the "shards" parameter has no corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Exploits (1)

nomisec WRITEUP 2 stars
by tdwyer · poc
https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262


Classification
Writeup 90%
Attack Type
SSRF | RCE
Complexity
Moderate
Reliability
Theoretical
Target: Apache Solr versions 1.3 to 7.6 (CVE-2017-3164), Apache Solr before 7.1 (CVE-2017-12629)
No auth needed
Prerequisites: knowledge of the target Apache Solr server's IP/DNS and a collection name
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/107026
Third Party Advisory (x_refsource_confirm): https://security.netapp.com/advisory/ntap-20190327-0003/

Scores

CVSS v3 7.5
EPSS 0.5954
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-918
Status published
Products (2)
apache/solr 1.3.0 - 7.6.0
org.apache.solr/solr-core 1.30 - 7.7.0 (Maven)
Published Mar 08, 2019
Tracked Since Feb 18, 2026