daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2021/CVE-2021-27905.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-17 15:15:07 -04:00
parent d6249f3932
commit e529c329cf
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cves/2021/CVE-2021-27905.yaml
View File

@ -4,7 +4,7 @@ info:
name: Apache Solr <=8.8.1 - Server-Side Request Forgery
author: hackergautam
severity: critical
description: The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter.
description: Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter.
remediation: This issue is resolved in Apache Solr 8.8.2 and later.
reference:
- https://www.anquanke.com/post/id/238201
@ -46,4 +46,5 @@ requests:
- '<str name="status">OK</str>'
part: body
# Enhanced by mp on 2022/05/17