PT-2017-15696 · Apache · Apache Solr

Published: 2017-08-30 · Updated: 2018-10-18 · CVE-2017-3163

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Solr versions prior to 5.5.4
Apache Solr versions 6.x prior to 6.4.1

Description

The issue allows an attacker to access files on the server by exploiting a path traversal vulnerability in the Index Replication feature's HTTP API. This is possible because the file name passed to the API is not properly validated. Servers protected by firewall rules and/or authentication are not at risk, as only trusted clients and users can access the API.

Recommendations

For Apache Solr versions prior to 5.5.4, update to version 5.5.4 or later. For Apache Solr versions 6.x prior to 6.4.1, update to version 6.4.1 or later.
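
The description attributes the flaw to a file name that is not properly validated before the replication API serves it. The Java example below is added here for illustration and is neither Solr's code nor the project's actual fix: it shows the kind of check a file-serving handler needs, accepting only a single path component and confirming that the resolved path stays inside the index directory. The class name `ReplicationFileNameCheck`, the method `resolveInside`, the temporary index directory and the sample names are all hypothetical and constructed for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ReplicationFileNameCheck {

    /** Resolve a client-supplied name inside indexDir, or throw if it could escape. */
    static Path resolveInside(Path indexDir, String requestedName) throws IOException {
        if (requestedName == null || requestedName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // An index file is one path component: no separators, no "." or "..".
        // Paths.get throws InvalidPathException (an IllegalArgumentException)
        // for names the platform cannot represent, e.g. an embedded NUL byte.
        Path name = Paths.get(requestedName);
        if (name.isAbsolute() || name.getNameCount() != 1
                || requestedName.contains("/") || requestedName.contains("\\")
                || requestedName.equals(".") || requestedName.equals("..")) {
            throw new IllegalArgumentException("illegal file name");
        }
        // Defence in depth: compare canonical paths so a symlink placed in the
        // index directory cannot point the request somewhere else.
        Path base = indexDir.toRealPath();
        Path candidate = base.resolve(name).normalize();
        if (Files.exists(candidate)) {
            candidate = candidate.toRealPath();
        }
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException("file resolves outside index directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary "index" directory with one file.
        Path indexDir = Files.createTempDirectory("index");
        Files.createFile(indexDir.resolve("segments_1"));
        String[] names = {"segments_1", "../outside.txt", "sub/../../outside.txt",
                          "..\\outside.txt", ".."};
        for (String n : names) {
            try {
                System.out.println("ALLOW " + n + " -> " + resolveInside(indexDir, n));
            } catch (IllegalArgumentException e) {
                System.out.println("DENY  " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```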

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2017-3163
DLA-1046-1
DSA-4124-1
GHSA-387V-84CV-9QMC
RHSA-2018:1448
RHSA-2018:1449
RHSA-2018:1450
RHSA-2018:1451

Affected Products

Apache Solr