Date: Tue, 12 Feb 2019 11:48:27 -0800 From: Tomas Fernandez Lobbe <tflobbe@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2017-3164: Apache Solr: SSRF issue CVE-2017-3164 SSRF issue in Apache Solr Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache Solr versions from 1.3 to 7.6.0 Description: The "shards" parameter does not have a corresponding whitelist mechanism, so it can request any URL. Mitigation: Upgrade to Apache Solr 7.7.0 or later. Ensure your network settings are configured so that only trusted traffic is allowed to ingress/egress your hosts running Solr. Credit: dk from Chaitin Tech References: https://issues.apache.org/jira/browse/SOLR-12770 https://wiki.apache.org/solr/SolrSecurity
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.