| Rule General Information | |
|---|---|
| Release Date: | 2022-12-27 |
| Rule Name: | Apache Solr RemoteStreaming SSRF Vulnerability |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Apache Solr is an open-source search service written in Java, built primarily on HTTP and Apache Lucene. When the Apache Solr version is less than or equal to 8.8.1 and authentication is not enabled, attackers can directly issue requests that enable specific configurations, ultimately leading to SSRF or arbitrary file reading. |
| Impact: | SSRF is a security vulnerability in which an attacker crafts a request that is then initiated by the server. By exploiting this vulnerability, an attacker can bypass access restrictions such as firewalls, thereby using an infected or vulnerable server as a proxy for port scanning and even accessing internal system data. |
| Affected OS: | Windows, Linux, Others |
| Reference: | |

| Solutions |
|---|
| Please contact the software vendor to obtain and apply the software patch. |