Recently, NSFOCUS detected that an Apache Solr arbitrary file read and server-side request forgery (SSRF) vulnerability was disclosed on the Internet. Since authentication was disabled by default when Apache Solr was installed, unauthenticated attackers could turn on requestDis patcher.requestParsers.enableRemoteStreaming via the Config API, thereby exploiting the vulnerability to read files. Currently, the proof of concept (PoC) of this vulnerability has been made publicly available. Relevant users are advised to take protective measures as soon as possible.
Apache Solr is an open-source enterprise search platform from the Apache Lucene project. It is written in Java and runs as a standalone full-text search server within a servlet container such as Apache Tomcat or Jetty. Its major features include powerful full-text search, hit highlighting, faceted search, dynamic clustering, database integration, and rich document handling.
Scope of Impact
- Apache Solr <= 8.8.1 (all versions)
The vendor has not fixed the vulnerability, so secure versions are unavailable.
- Enable authentication and authorization by clicking the following link: https://lucene.apache.org/solr/guide/8_6/authentication-and-authorization-plugins.html
- Configure firewall policies to restrict Solr API (including Admin UI) access to trusted IP addresses and users.
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.