Vulnerability Details CVE-2021-27905
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.942
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f%40%3Cnotifications.ofbiz.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210611-0009/
- https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
- https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f%40%3Cnotifications.ofbiz.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210611-0009/
Products affected by CVE-2021-27905
-
cpe:2.3:a:apache:solr:-
-
cpe:2.3:a:apache:solr:1.1.0
-
cpe:2.3:a:apache:solr:1.2
-
cpe:2.3:a:apache:solr:1.2.0
-
cpe:2.3:a:apache:solr:1.3.0
-
cpe:2.3:a:apache:solr:1.4.0
-
cpe:2.3:a:apache:solr:1.4.1
-
cpe:2.3:a:apache:solr:3.1
-
cpe:2.3:a:apache:solr:3.1.0
-
cpe:2.3:a:apache:solr:3.2
-
cpe:2.3:a:apache:solr:3.2.0
-
cpe:2.3:a:apache:solr:3.3
-
cpe:2.3:a:apache:solr:3.3.0
-
cpe:2.3:a:apache:solr:3.4.0
-
cpe:2.3:a:apache:solr:3.5.0
-
cpe:2.3:a:apache:solr:3.6.0
-
cpe:2.3:a:apache:solr:3.6.1
-
cpe:2.3:a:apache:solr:3.6.2
-
cpe:2.3:a:apache:solr:4.0.0
-
cpe:2.3:a:apache:solr:4.1.0
-
cpe:2.3:a:apache:solr:4.10.0
-
cpe:2.3:a:apache:solr:4.10.1
-
cpe:2.3:a:apache:solr:4.10.2
-
cpe:2.3:a:apache:solr:4.10.3
-
cpe:2.3:a:apache:solr:4.10.4
-
cpe:2.3:a:apache:solr:4.2.0
-
cpe:2.3:a:apache:solr:4.2.1
-
cpe:2.3:a:apache:solr:4.3.0
-
cpe:2.3:a:apache:solr:4.3.1
-
cpe:2.3:a:apache:solr:4.4.0
-
cpe:2.3:a:apache:solr:4.5.0
-
cpe:2.3:a:apache:solr:4.5.1
-
cpe:2.3:a:apache:solr:4.6.0
-
cpe:2.3:a:apache:solr:4.6.1
-
cpe:2.3:a:apache:solr:4.7.0
-
cpe:2.3:a:apache:solr:4.7.1
-
cpe:2.3:a:apache:solr:4.7.2
-
cpe:2.3:a:apache:solr:4.8.0
-
cpe:2.3:a:apache:solr:4.8.1
-
cpe:2.3:a:apache:solr:4.9.0
-
cpe:2.3:a:apache:solr:4.9.1
-
cpe:2.3:a:apache:solr:5.0
-
cpe:2.3:a:apache:solr:5.0.0
-
cpe:2.3:a:apache:solr:5.1
-
cpe:2.3:a:apache:solr:5.1.0
-
cpe:2.3:a:apache:solr:5.2.0
-
cpe:2.3:a:apache:solr:5.2.1
-
cpe:2.3:a:apache:solr:5.3
-
cpe:2.3:a:apache:solr:5.3.0
-
cpe:2.3:a:apache:solr:5.3.1
-
cpe:2.3:a:apache:solr:5.3.2
-
cpe:2.3:a:apache:solr:5.4.0
-
cpe:2.3:a:apache:solr:5.4.1
-
cpe:2.3:a:apache:solr:5.5.0
-
cpe:2.3:a:apache:solr:5.5.1
-
cpe:2.3:a:apache:solr:5.5.2
-
cpe:2.3:a:apache:solr:5.5.3
-
cpe:2.3:a:apache:solr:5.5.4
-
cpe:2.3:a:apache:solr:5.5.5
-
cpe:2.3:a:apache:solr:6.0.0
-
cpe:2.3:a:apache:solr:6.0.1
-
cpe:2.3:a:apache:solr:6.1.0
-
cpe:2.3:a:apache:solr:6.2.0
-
cpe:2.3:a:apache:solr:6.2.1
-
cpe:2.3:a:apache:solr:6.3.0
-
cpe:2.3:a:apache:solr:6.4.0
-
cpe:2.3:a:apache:solr:6.4.1
-
cpe:2.3:a:apache:solr:6.4.2
-
cpe:2.3:a:apache:solr:6.5.0
-
cpe:2.3:a:apache:solr:6.5.1
-
cpe:2.3:a:apache:solr:6.6.0
-
cpe:2.3:a:apache:solr:6.6.1
-
cpe:2.3:a:apache:solr:6.6.2
-
cpe:2.3:a:apache:solr:6.6.3
-
cpe:2.3:a:apache:solr:6.6.4
-
cpe:2.3:a:apache:solr:6.6.5
-
cpe:2.3:a:apache:solr:6.6.6
-
cpe:2.3:a:apache:solr:7.0.0
-
cpe:2.3:a:apache:solr:7.0.1
-
cpe:2.3:a:apache:solr:7.1.0
-
cpe:2.3:a:apache:solr:7.2.0
-
cpe:2.3:a:apache:solr:7.2.1
-
cpe:2.3:a:apache:solr:7.3.0
-
cpe:2.3:a:apache:solr:7.3.1
-
cpe:2.3:a:apache:solr:7.4.0
-
cpe:2.3:a:apache:solr:7.5.0
-
cpe:2.3:a:apache:solr:7.6.0
-
cpe:2.3:a:apache:solr:7.7.0
-
cpe:2.3:a:apache:solr:7.7.1
-
cpe:2.3:a:apache:solr:7.7.2
-
cpe:2.3:a:apache:solr:7.7.3
-
cpe:2.3:a:apache:solr:8.0.0
-
cpe:2.3:a:apache:solr:8.1.0
-
cpe:2.3:a:apache:solr:8.1.1
-
cpe:2.3:a:apache:solr:8.1.2
-
cpe:2.3:a:apache:solr:8.2.0
-
cpe:2.3:a:apache:solr:8.3.0
-
cpe:2.3:a:apache:solr:8.3.1
-
cpe:2.3:a:apache:solr:8.4.0
-
cpe:2.3:a:apache:solr:8.4.1
-
cpe:2.3:a:apache:solr:8.5.0
-
cpe:2.3:a:apache:solr:8.5.1
-
cpe:2.3:a:apache:solr:8.5.2
-
cpe:2.3:a:apache:solr:8.6.0
-
cpe:2.3:a:apache:solr:8.6.1
-
cpe:2.3:a:apache:solr:8.6.2
-
cpe:2.3:a:apache:solr:8.6.3
-
cpe:2.3:a:apache:solr:8.8.1