Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2019-03-08T21:00:00Z

Updated: 2024-09-16T19:52:10.132Z

Reserved: 2016-12-05T00:00:00

Link: CVE-2017-3164

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-08T21:29:00.250

Modified: 2024-11-21T03:24:57.700

Link: CVE-2017-3164

cve-icon Redhat

No data.