Security Advisory

CVE-2017-3164

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-08 21:00:00

Last updated 2024-09-16 19:52:10

Assigner apache

State PUBLISHED

Description

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

← Browse all CVEs View on cve.org ↗