2019-03-08 22:29:00 2019-04-05 13:29:00

Server-Side Request Forgery (SSRF) in Apache Solr, versions 1.3 through 7.6 (inclusive). Because the "shards" parameter has no corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Vector: NETWORK

Complexity: LOW

Authentication: NONE

Confidentiality: PARTIAL

Integrity: NONE

Availability: NONE

Apache Solr 7.5.0 (not an official CPE)
Apache Solr 7.4.0 (not an official CPE)
Apache Solr 7.3.1 (not an official CPE)
Apache Solr 7.3.0 (not an official CPE)
Apache Solr 7.2.1 (not an official CPE)
Apache Solr 7.2.0 (not an official CPE)
Apache Solr 7.1.0 (not an official CPE)
Apache Solr 7.0.1 (not an official CPE)
Apache Solr 7.0.0 (not an official CPE)
Apache Solr 6.6.5 (not an official CPE)
Apache Solr 6.6.4 (not an official CPE)
Apache Solr 6.6.3 (not an official CPE)
Apache Solr 6.6.2 (not an official CPE)
Apache Solr 6.6.1 (not an official CPE)
Apache Solr 6.6.0 (not an official CPE)
Apache Solr 6.5.1 (not an official CPE)
Apache Solr 6.5.0 (not an official CPE)
Apache Solr 6.4.2 (not an official CPE)
Apache Solr 6.4.1 (not an official CPE)
Apache Solr 6.4.0 (not an official CPE)
Apache Solr 6.3.0 (not an official CPE)
Apache Solr 6.2.1 (not an official CPE)
Apache Solr 6.2.0 (not an official CPE)
Apache Solr 6.1.0 (not an official CPE)
Apache Solr 6.0.1 (not an official CPE)
Apache Solr 6.0.0 (not an official CPE)
Apache Solr 5.5.5 (not an official CPE)
Apache Solr 5.5.4 (not an official CPE)
Apache Solr 5.5.3 (not an official CPE)
Apache Solr 5.5.2 (not an official CPE)
Apache Solr 5.5.1 (not an official CPE)
Apache Solr 5.5.0 (not an official CPE)
Apache Solr 5.4.1 (not an official CPE)
Apache Solr 5.4.0 (not an official CPE)
Apache Solr 5.3.2 (not an official CPE)
Apache Solr 5.3.1 (not an official CPE)
Apache Solr 5.3.0 (not an official CPE)
Apache Solr 5.3 (not an official CPE)
Apache Solr 5.2.1 (not an official CPE)
Apache Solr 5.2.0 (not an official CPE)
Apache Solr 5.1.0 (not an official CPE)
Apache Solr 5.1 (not an official CPE)
Apache Solr 5.0 (not an official CPE)
Apache Solr 4.10.4 (not an official CPE)
Apache Solr 4.10.3 (not an official CPE)
Apache Solr 4.10.2
Apache Solr 4.10.1
Apache Solr 4.10.0
Apache Solr 4.9.1
Apache Solr 4.9.0
Apache Solr 4.8.1
Apache Solr 4.8.0
Apache Solr 4.7.2
Apache Solr 4.7.1
Apache Solr 4.7.0
Apache Solr 4.6.1
Apache Solr 4.6.0
Apache Solr 4.5.1
Apache Solr 4.5.0
Apache Solr 4.4.0
Apache Solr 4.3.1
Apache Solr 4.3.0
Apache Solr 4.2.1
Apache Solr 4.2.0
Apache Solr 4.1.0
Apache Solr 4.0.0 beta
Apache Solr 4.0.0 alpha
Apache Solr 4.0.0
Apache Software Foundation Solr 3.6.2
Apache Software Foundation Solr 3.6.1
Apache Software Foundation Solr 3.6.0
Apache Solr 3.5.0 (not an official CPE)
Apache Solr 3.4.0 (not an official CPE)
Apache Solr 3.3 (not an official CPE)
Apache Solr 3.2 (not an official CPE)
Apache Solr 3.1 (not an official CPE)
Apache Solr 1.4.0 (not an official CPE)
Apache Solr 1.3.0 (not an official CPE)
Apache Solr 7.6.0 (not an official CPE)