CVE-2021-27905

CRITICAL IN THE WILD NUCLEI LAB

Apache Solr - SSRF

Description

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

Exploits (5)

nomisec WORKING POC 71 stars
by Henry4E36 · poc
https://github.com/Henry4E36/Solr-SSRF
nomisec WRITEUP 5 stars
by murataydemir · poc
https://github.com/murataydemir/CVE-2021-27905
nomisec WORKING POC 3 stars
by pdelteil · poc
https://github.com/pdelteil/CVE-2021-27905.POC
nomisec WORKING POC 2 stars
by RIZZZIOM · poc
https://github.com/RIZZZIOM/CVE-2021-27905
nomisec WRITEUP
by W2Ning · poc
https://github.com/W2Ning/Solr-SSRF

Nuclei Templates (1)

Apache Solr <=8.8.1 - Server-Side Request Forgery
CRITICAL · by hackergautam
Shodan: cpe:"cpe:2.3:a:apache:solr" || http.title:"apache solr" || http.title:"solr admin"
FOFA: title="solr admin" || title="apache solr"

Scores

CVSS v3 9.8
EPSS 0.9390
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

InTheWild.io 2021-04-18
CWE CWE-918
Status published
Products (2)
apache/solr < 8.8.2
org.apache.solr/solr-parent 0 - 8.8.2 (Maven)
Published Apr 13, 2021
Tracked Since Feb 18, 2026