Path Traversal Vulnerability in Apache Solr Affecting Index Replication Feature
CVE-2017-3163

7.5HIGH

Key Information:

Vendor

Apache
Status
Apache Solr
Vendor
CVE Published:
30 August 2017

What is CVE-2017-3163?

The vulnerability in Apache Solr's Index Replication feature allows attackers to craft requests that exploit improper file name validation. This can lead to path traversal attacks, potentially exposing sensitive files to the Solr server process. While Solr instances behind firewalls and authentication may mitigate the risk, those accessible to untrusted clients remain vulnerable, highlighting the need for stringent security measures to protect data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Solr 1.4.0 to 5.5.3

Apache Solr 6.0.0 to 6.4.0

References

https://access.redhat.com/errata/RHSA-2018:1448
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450
vendor-advisoryx_refsource_REDHAT

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.