lucene-solr-user mailing list archives

From Jeff Courtade <courtadej...@gmail.com>
Subject cve-2017-
Date Thu, 28 Feb 2019 19:54:34 GMT
This particular CVE came out in the mailing list on Feb 12th.


CVE-2017-3164 SSRF issue in Apache Solr

I need to know what the exploit for this could be.


Can a user send a bogus shards param via a web request and get a local file?


What does an attack vector look like for this?


I am being asked specifically this...


- How would we know if the vulnerability in the Solr CVE was
taken advantage of? What are signs of us being exploited? What is the
worst case scenario with this CVE?

Could someone help me answer this please?



http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN=wO5rYs6ktAX-5=-f5JDFwbbTSM2TTjEbGO5jKKA@mail.gmail.com%3E



The bug is



https://issues.apache.org/jira/browse/SOLR-12770



The mitigation is upgrading to Solr 7.7
