Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-03-08T21:00:00Z
Updated: 2024-09-16T19:52:10.132Z
Reserved: 2016-12-05T00:00:00
Link: CVE-2017-3164
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-08T21:29:00.250
Modified: 2024-11-21T03:24:57.700
Link: CVE-2017-3164
Redhat
No data.