QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-3163

Back to search

CVE-2017-3163

Published: Aug 30, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

VendorProductVersions

Apache Software Foundation

Apache Solr

affected
1.4.0 to 5.5.3
affected
6.0.0 to 6.4.0

References

RHSA-2018:1448
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1449
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1450
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1451
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1447
vendor-advisory
x_refsource_REDHAT
DSA-4124
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now