Apache Solr shards Parameter Server Side Request Forgery Vulnerability



A vulnerability in the shards parameter of Apache Solr could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) on a targeted system.

The vulnerability exists because the shards parameter of the affected software does not have a corresponding whitelist mechanism. An attacker could exploit this vulnerability by causing the Solr server to perform arbitrary HTTP GET requests. A successful exploit could allow the attacker to bypass certain security restrictions and perform other unauthorized actions.
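
The allowlist check that the shards parameter lacks can be applied outside Solr, for example in a reverse-proxy hook or when reviewing access logs. The following is an added example, not code from Apache Solr or from this advisory. The host names, allowlist contents and sample request targets are constructed, and it assumes shards are given as host:port/path addresses.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist of this cluster's shard endpoints (constructed values).
ALLOWED_SHARDS = {
    ("solr1.internal.example", 8983),
    ("solr2.internal.example", 8983),
}

def shard_endpoints(shards_value):
    """Return (host, port) for each address in one shards value.

    Shards are comma-separated; alternative replicas of a shard are
    pipe-separated. An address that cannot be parsed yields (raw_text, None)
    so that it is reported rather than silently skipped.
    """
    endpoints = []
    for entry in shards_value.replace("|", ",").split(","):
        entry = entry.strip()
        if not entry:
            continue
        # Shard addresses are normally written without a scheme.
        url = entry if "://" in entry else "http://" + entry
        try:
            parts = urlsplit(url)
            endpoints.append(((parts.hostname or "").lower(), parts.port))
        except ValueError:  # bad port or malformed IPv6 literal
            endpoints.append((entry, None))
    return endpoints

def disallowed_shards(request_target, allowed=ALLOWED_SHARDS):
    """Return shard endpoints in a request's query string that are not allowlisted."""
    query = parse_qs(urlsplit(request_target).query)
    found = []
    for value in query.get("shards", []):
        found += [ep for ep in shard_endpoints(value) if ep not in allowed]
    return found

# Constructed request targets, as they would appear in an access log.
SAMPLES = [
    "/solr/core1/select?q=*:*&shards=solr1.internal.example:8983/solr/core1",
    "/solr/core1/select?q=*:*&shards=solr1.internal.example:8983/solr/core1,"
    "203.0.113.10:80/status",
    "/solr/core1/select?q=*:*&shards=solr2.internal.example:8983/solr/core1%7C"
    "http://198.51.100.7/admin",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(disallowed_shards(target), target)
```

Only the query string is inspected here; parameters sent in a POST body need the same check.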

Apache has confirmed this vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2017-3164

Source: Cisco Multivendor Vulnerability Alerts