Skip to main content

Solr CVE-2017-3163

HIGH
Path Traversal (CWE-22)
2017-08-30 security@apache.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 30, 2017 - 14:29 cve.org
HIGH 7.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 18 maven packages depend on org.apache.solr:solr-core (17 direct, 1 indirect)

Ecosystem-wide dependent count for version 6.0.0.

DescriptionCVE.org

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

AnalysisAI

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.9%.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. Affected products include: Apache Solr. Version information: before 5.5.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in Solr

View all
CVE-2017-12629 CRITICAL POC
9.8 Oct 14

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi

CVE-2013-6397 MEDIUM POC
4.3 Dec 07

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitr

CVE-2019-17558 HIGH POC
7.5 Dec 30

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. Rat

CVE-2024-45216 CRITICAL POC
9.8 Oct 16

Improper Authentication vulnerability in Apache Solr. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2021-27905 CRITICAL POC
9.8 Apr 13

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also

CVE-2019-12409 CRITICAL POC
9.8 Nov 18

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration opt

CVE-2019-0192 CRITICAL POC
9.8 Mar 07

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP

CVE-2017-1000190 CRITICAL POC
9.1 Nov 17

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and s

CVE-2021-33813 HIGH POC
7.5 Jun 16

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP reques

CVE-2019-12401 HIGH POC
7.5 Sep 10

Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a

CVE-2019-0193 HIGH POC
7.2 Aug 01

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources,

CVE-2021-44548 CRITICAL
9.8 Dec 23

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows U

Share

CVE-2017-3163 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy