Описание
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Ссылки
- Mailing ListMitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Mailing ListMitigationVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 1.3.0 (включая) до 7.6.0 (включая)
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.55454
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 7 лет назад
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
CVSS3: 7.5
debian
почти 7 лет назад
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ...
CVSS3: 7.5
github
почти 7 лет назад
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
EPSS
Процентиль: 98%
0.55454
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918