PT-2019-8565 · Apache · Apache Solr

Published 2019-03-08 · Updated 2020-12-09 · CVE-2017-3164

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 1.3 through 7.6

Description: The issue allows a remote attacker with access to the server to make Apache Solr perform an HTTP GET request to any reachable URL, because there is no whitelist mechanism for the shards parameter. This enables Server Side Request Forgery (SSRF).

Recommendations: For Apache Solr versions 1.3 through 7.6, consider restricting access to the shards parameter to minimize the risk of exploitation. As a temporary workaround, restrict the Solr server from making HTTP GET requests to unauthorized URLs until a patch is available.
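The record describes the root cause as a missing whitelist for the shards parameter. The following is an added illustration of what such an allowlist check looks like; it is not Solr's own code and not the upstream fix. It assumes the Solr syntax for the parameter (comma-separated shard entries, with `|` separating alternate replicas of one shard, each entry a `host:port/path` with an optional scheme) and uses a constructed allowlist of internal host:port pairs. An entry is accepted only if the authority it would actually be fetched from is on that list; userinfo (`user@host`) is rejected outright so an allowlisted name cannot be smuggled in front of a different host.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only host:port pairs this node
# may forward distributed-search requests to.
ALLOWED_SHARD_HOSTS = frozenset({"solr1.internal:8983", "solr2.internal:8983"})


def parse_shards(shards_param: str) -> list[list[str]]:
    """Split a shards value into shard groups.

    Commas separate shards; '|' separates alternate replicas of one shard, e.g.
    'a:8983/solr/c,b:8983/solr/c|a:8983/solr/c' -> [['a:8983/solr/c'], ['b:8983/solr/c', 'a:8983/solr/c']].
    """
    groups = []
    for shard in shards_param.split(","):
        alternates = [alt.strip() for alt in shard.split("|")]
        if any(not alt for alt in alternates):
            raise ValueError(f"empty shard entry in {shards_param!r}")
        groups.append(alternates)
    return groups


def shard_host_port(entry: str) -> str:
    """Return the normalised 'host:port' (or bare 'host') an entry would be fetched from."""
    # Entries may omit the scheme; add one so urlsplit parses the authority part.
    if "://" not in entry:
        entry = "http://" + entry
    parts = urlsplit(entry)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme in shard entry {entry!r}")
    if parts.username is not None or parts.password is not None:
        # 'allowed-host@other-host' style userinfo must not be mistaken for the host.
        raise ValueError(f"userinfo not permitted in shard entry {entry!r}")
    if not parts.hostname:
        raise ValueError(f"no host in shard entry {entry!r}")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    # urlsplit lower-cases the hostname, so the comparison is case-insensitive.
    return f"{parts.hostname}:{port}" if port is not None else parts.hostname


def validate_shards(shards_param: str, allowed=ALLOWED_SHARD_HOSTS) -> list[list[str]]:
    """Return the parsed shard groups if every replica is on an allowlisted host:port.

    Raises ValueError naming the first offending entry otherwise.
    """
    groups = parse_shards(shards_param)
    for group in groups:
        for entry in group:
            target = shard_host_port(entry)
            if target not in allowed:
                raise ValueError(f"shard target {target!r} is not in the allowlist")
    return groups


def is_shards_allowed(shards_param: str, allowed=ALLOWED_SHARD_HOSTS) -> bool:
    """Boolean wrapper suitable for a request filter in front of the search handler."""
    try:
        validate_shards(shards_param, allowed)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ok = "solr1.internal:8983/solr/core1,solr2.internal:8983/solr/core1|solr1.internal:8983/solr/core1"
    print(validate_shards(ok))
    print(is_shards_allowed("solr1.internal:8983/solr/core1,10.0.0.5:8983/solr/core1"))  # False
```

The check compares the parsed authority, not the raw string, so a differing port or an added scheme does not slip past the list; the recommendation on this page to restrict the shards parameter amounts to enforcing exactly this kind of comparison before any outbound request is made.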

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2017-3164
GHSA-VRH8-27Q8-FR8F

Affected Products

Apache Solr
Debian