org.apache.solr:solr-core@4.0.0-ALPHA vulnerabilities

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Denial of Service (DoS) via the update handler. Exploiting this vulnerability is possible by leveraging XML DOCTYPE and ENTITY type elements when the attacker can create a pattern that will expand while the server parses the XML.

Upgrade org.apache.solr:solr-core to version 5.0.0 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Improper Input Validation in DataImportHandler, which allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes). In case of misconfigured systems, SMB relay attacks can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution.

Upgrade org.apache.solr:solr-core to version 8.11.1 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Remote Code Execution (RCE). One can issue a HTTP request parameter stream.body which Solr will interpret as body content on the request, i.e. act as a POST request. This is useful for development and testing but can pose a security risk in production since users/clients with permission to GET on various endpoints can also post by using stream.body. The classic example is &stream.body=<delete><query>:</query></delete>. Furthermore, this feature cannot be turned off by configuration as it is not controlled by enableRemoteStreaming.

Upgrade org.apache.solr:solr-core to version 7.1.0 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). The ReplicationHandler (normally registered at /replication under a Solr core) has a masterUrl (also leaderUrl alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. These parameters are not checked against a similar configuration it uses for the shards parameter.

Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Access Restriction Bypass. When using ConfigurableInternodeAuthHadoopPlugin for authentication, Solr forwards/proxies distributed requests using server credentials instead of original client credentials. This results in incorrect authorization resolution on the receiving hosts.

Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Information Exposure. When starting Solr, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs.

Upgrade org.apache.solr:solr-core to version 8.8.2 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Arbitrary File Access. The Replication handler allows commands backup, restore and deleteBackup that take unvalidated alocation parameter, i.e you could read/write to any location the solr user can access. Launching SMB attacks which may result in the exfiltration of sensitive data such as OS user hashes (NTLM/LMhashes). In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution.

Upgrade org.apache.solr:solr-core to version 8.6.0 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It is possible for an attacker to inject external entities through DataImportHandler's dataConfig parameter which is used for setting the whole DIH configuration when using debug mode of the DIH admin screen.

Upgrade org.apache.solr:solr-core to version 8.2.0 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The shards parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Upgrade org.apache.solr:solr-core to version 7.6.0 or higher.

org.apache.solr:solr-core is an enterprise search platform written using Apache Lucene.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. It can be used as XXE using the file/ftp/http protocols in order to read arbitrary local files from the server or the internal network. The manipulated files can be uploaded as config sets using solr's API, allowing to exploit that vulnerability.

Upgrade org.apache.solr:solr-core to versions 6.6.5, 7.4 or higher.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

Affected versions of this package are vulnerable to Directory Traversal attacks. The Index Replication feature supports an HTTP API, but does not validate the file_name parameter, which is supplied by the user. An attacker can craft a special request and read any file on the server.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene.

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.

org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene

Affected versions of this package are vulnerable to Directory Traversal. In SolrResourceLoader attackers are able to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML External Entity) vulnerability to allow access to files across restricted network boundaries.

Upgrade org.apache.solr:solr-core to version 4.6.0 or higher.