5 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-3164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the shards parameter does not have a corresponding whitelist mechanism, a...
CVE-2021-27905 SSRF vulnerability with the Replication handler
The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...
GHSA-VRH8-27Q8-FR8F Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
UBUNTU-CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
DEBIAN-CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...