Vulnerability in Apache Solr's Node Communication Mechanism
CVE-2017-7660

7.5HIGH

Key Information:

Vendor

Apache
Status
Apache Solr
Vendor
CVE Published:
7 July 2017

What is CVE-2017-7660?

A vulnerability exists in Apache Solr related to the secure inter-node communication mechanism when security features are enabled. Malicious actors can exploit this by creating a specially crafted node name that is not part of the official cluster, effectively misleading the cluster's members to authenticate with a rogue node. This issue particularly affects setups using BasicAuth authentication through the BasicAuthPlugin or custom authentication plugins that fail to implement recommended interceptors. However, setups relying solely on SSL or those utilizing Kerberos authentication are not impacted.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Solr 5.3 to 5.5.4

Apache Solr 6.0 to 6.5.1

References

https://security.netapp.com/advisory/ntap-20181127-0003/
x_refsource_CONFIRM
http://mail-archives.us.apache.org/mod_mbox/www-announce/...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/99485
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.