
Apache Solr <=8.8.1 - Server-Side Request Forgery CVE-2021-27905

Severity
CVSSv3 Score: 9.8
Vulnerability description

Apache Solr versions 8.8.1 and prior contain a server-side request forgery (SSRF) vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" parameter (alias "leaderUrl") that designates a ReplicationHandler on another Solr core from which index data is replicated into the local core. To prevent SSRF, Solr ought to check these parameters against a configuration similar to the one it uses for the "shards" parameter.
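
A defensive check based on the description above, as an added example that is not part of the original advisory or of Solr: it scans web access log lines for requests to a core's "/replication" handler whose "masterUrl" or "leaderUrl" names a host outside an allow-list of known replication peers. The log format, the sample lines and the host solr-leader.internal.example are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the only host this deployment legitimately replicates from.
ALLOWED_LEADERS = {"solr-leader.internal.example"}
# Parameter names taken from the vulnerability description.
URL_PARAMS = {"masterUrl", "leaderUrl"}
# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_replication_requests(lines, allowed=ALLOWED_LEADERS):
    """Return (line_no, target_host) for each replication request whose
    masterUrl/leaderUrl points at a host outside the allow-list."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.rstrip("/").endswith("/replication"):
            continue
        # parse_qs percent-decodes values, so encoded URLs are covered too.
        for name, values in parse_qs(target.query).items():
            if name not in URL_PARAMS:
                continue
            for value in values:
                host = (urlsplit(value).hostname or "").lower()
                if host not in allowed:
                    # Report the raw value when no host can be parsed.
                    findings.append((line_no, host or value))
    return findings


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Apr/2021:10:00:01 +0000] "GET /solr/core1/select?q=*:* HTTP/1.1" 200 512',
    '10.0.0.7 - - [13/Apr/2021:10:00:02 +0000] "GET /solr/core1/replication?command=details HTTP/1.1" 200 900',
    '10.0.0.9 - - [13/Apr/2021:10:00:03 +0000] "GET /solr/core1/replication?masterUrl=http%3A%2F%2Fsolr-leader.internal.example%3A8983%2Fsolr%2Fcore1 HTTP/1.1" 200 120',
    '203.0.113.8 - - [13/Apr/2021:10:00:04 +0000] "GET /solr/core1/replication?leaderUrl=http://198.51.100.20:8080/x HTTP/1.1" 200 120',
    '203.0.113.8 - - [13/Apr/2021:10:00:05 +0000] "POST /solr/core2/replication?masterUrl=http%3A%2F%2F198.51.100.77%2Fsolr%2Fcore2 HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for line_no, host in suspicious_replication_requests(SAMPLE_LOG):
        print(f"line {line_no}: replication source outside allow-list: {host}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.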

Recommendation

This issue is resolved in Apache Solr 8.8.2 and later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Apr 13, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available