PT-2017-15696 · Apache · Apache Solr

Published: 2017-08-30 · Updated: 2018-10-18 · CVE-2017-3163

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Solr versions prior to 5.5.4
Apache Solr versions 6.x prior to 6.4.1

Description

The issue allows an attacker to access files on the server by exploiting a path traversal vulnerability in the Index Replication feature's HTTP API. This is possible because the file name passed to the API is not properly validated. Servers protected by firewall rules and/or authentication are not at risk, as only trusted clients and users can access the API.

Recommendations

For Apache Solr versions prior to 5.5.4, update to version 5.5.4 or later.
For Apache Solr versions 6.x prior to 6.4.1, update to version 6.4.1 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-3163
DLA-1046-1
DSA-4124-1
GHSA-387V-84CV-9QMC
RHSA-2018:1448
RHSA-2018:1449
RHSA-2018:1450
RHSA-2018:1451

Affected Products

Apache Solr