Vulnerability Details CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.571
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2017-3164
- cpe:2.3:a:apache:solr:1.3.0
- cpe:2.3:a:apache:solr:1.4.0
- cpe:2.3:a:apache:solr:1.4.1
- cpe:2.3:a:apache:solr:3.1
- cpe:2.3:a:apache:solr:3.1.0
- cpe:2.3:a:apache:solr:3.2
- cpe:2.3:a:apache:solr:3.2.0
- cpe:2.3:a:apache:solr:3.3
- cpe:2.3:a:apache:solr:3.3.0
- cpe:2.3:a:apache:solr:3.4.0
- cpe:2.3:a:apache:solr:3.5.0
- cpe:2.3:a:apache:solr:3.6.0
- cpe:2.3:a:apache:solr:3.6.1
- cpe:2.3:a:apache:solr:3.6.2
- cpe:2.3:a:apache:solr:4.0.0
- cpe:2.3:a:apache:solr:4.1.0
- cpe:2.3:a:apache:solr:4.10.0
- cpe:2.3:a:apache:solr:4.10.1
- cpe:2.3:a:apache:solr:4.10.2
- cpe:2.3:a:apache:solr:4.10.3
- cpe:2.3:a:apache:solr:4.10.4
- cpe:2.3:a:apache:solr:4.2.0
- cpe:2.3:a:apache:solr:4.2.1
- cpe:2.3:a:apache:solr:4.3.0
- cpe:2.3:a:apache:solr:4.3.1
- cpe:2.3:a:apache:solr:4.4.0
- cpe:2.3:a:apache:solr:4.5.0
- cpe:2.3:a:apache:solr:4.5.1
- cpe:2.3:a:apache:solr:4.6.0
- cpe:2.3:a:apache:solr:4.6.1
- cpe:2.3:a:apache:solr:4.7.0
- cpe:2.3:a:apache:solr:4.7.1
- cpe:2.3:a:apache:solr:4.7.2
- cpe:2.3:a:apache:solr:4.8.0
- cpe:2.3:a:apache:solr:4.8.1
- cpe:2.3:a:apache:solr:4.9.0
- cpe:2.3:a:apache:solr:4.9.1
- cpe:2.3:a:apache:solr:5.0
- cpe:2.3:a:apache:solr:5.0.0
- cpe:2.3:a:apache:solr:5.1
- cpe:2.3:a:apache:solr:5.1.0
- cpe:2.3:a:apache:solr:5.2.0
- cpe:2.3:a:apache:solr:5.2.1
- cpe:2.3:a:apache:solr:5.3
- cpe:2.3:a:apache:solr:5.3.0
- cpe:2.3:a:apache:solr:5.3.1
- cpe:2.3:a:apache:solr:5.3.2
- cpe:2.3:a:apache:solr:5.4.0
- cpe:2.3:a:apache:solr:5.4.1
- cpe:2.3:a:apache:solr:5.5.0
- cpe:2.3:a:apache:solr:5.5.1
- cpe:2.3:a:apache:solr:5.5.2
- cpe:2.3:a:apache:solr:5.5.3
- cpe:2.3:a:apache:solr:5.5.4
- cpe:2.3:a:apache:solr:5.5.5
- cpe:2.3:a:apache:solr:6.0.0
- cpe:2.3:a:apache:solr:6.0.1
- cpe:2.3:a:apache:solr:6.1.0
- cpe:2.3:a:apache:solr:6.2.0
- cpe:2.3:a:apache:solr:6.2.1
- cpe:2.3:a:apache:solr:6.3.0
- cpe:2.3:a:apache:solr:6.4.0
- cpe:2.3:a:apache:solr:6.4.1
- cpe:2.3:a:apache:solr:6.4.2
- cpe:2.3:a:apache:solr:6.5.0
- cpe:2.3:a:apache:solr:6.5.1
- cpe:2.3:a:apache:solr:6.6.0
- cpe:2.3:a:apache:solr:6.6.1
- cpe:2.3:a:apache:solr:6.6.2
- cpe:2.3:a:apache:solr:6.6.3
- cpe:2.3:a:apache:solr:6.6.4
- cpe:2.3:a:apache:solr:6.6.5
- cpe:2.3:a:apache:solr:6.6.6
- cpe:2.3:a:apache:solr:7.0.0
- cpe:2.3:a:apache:solr:7.0.1
- cpe:2.3:a:apache:solr:7.1.0
- cpe:2.3:a:apache:solr:7.2.0
- cpe:2.3:a:apache:solr:7.2.1
- cpe:2.3:a:apache:solr:7.3.0
- cpe:2.3:a:apache:solr:7.3.1
- cpe:2.3:a:apache:solr:7.4.0
- cpe:2.3:a:apache:solr:7.5.0
- cpe:2.3:a:apache:solr:7.6.0