Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Veracode
Veracodeadded 2017/07/07 9:11 p.m.25 views

Node Spoof

Solr is vulnerable to node spoof. When using the BasicAuth authentication mechanism through the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", attackers are able to spoof...

7.5CVSS6.8AI score0.00335EPSS
Exploits1References2Affected Software1
Prion
Prionadded 2017/07/07 7:29 p.m.9 views

Authentication flaw

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

5CVSS7.5AI score0.00335EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2017/07/07 7:0 p.m.79 views

CVE-2017-7660

CVE-2017-7660 affects Apache Solr inter-node communication when security is enabled. A specially crafted node name can mislead cluster nodes into treating a malicious node as a legitimate member if BasicAuth is enabled via BasicAuthPlugin or a custom authentication plugin that does not implement ...

7.5CVSS7.4AI score0.00335EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder