QwikSec

Security Database

CVE

CWE

Training

CVE-2021-27905

Published: Apr 13, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

Vendor	Product	Versions
Apache Software Foundation	Apache Solr	affected `Apache Solr - < 8.8.2`

Weaknesses (CWE)

References

https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210611-0009/

x_refsource_CONFIRM

[solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability

mailing-list

x_refsource_MLIST

[solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability

mailing-list

x_refsource_MLIST

[solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210914 [jira] [Updated] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210915 [ofbiz-plugins] branch release18.12 updated: Fixed: The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (OFBIZ-12316)

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210915 [jira] [Commented] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210915 [jira] [Closed] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210915 [ofbiz-plugins] branch trunk updated: Fixed: The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (OFBIZ-12316)

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210915 [ofbiz-plugins] branch release17.12 updated: Fixed: The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (OFBIZ-12316)

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210915 [jira] [Updated] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2021-27905 - Security Vulnerability | QwikSec