CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2021-44548 – Apache Solr information disclosure vulnerability through DataImportHandler
https://notcve.org/view.php?id=CVE-2021-44548
23 Dec 2021 — An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in... • https://security.netapp.com/advisory/ntap-20220114-0005 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) •
CVSS: 9.1EPSS: 5%CPEs: 1EXPL: 0CVE-2021-29943 – Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
https://notcve.org/view.php?id=CVE-2021-29943
13 Apr 2021 — When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. Cuando se usa la función ConfigurableInternodeAuthHadoopPlugin para la autenticación, Apache Solr versiones anteriores a versión 8.8.2 reenviaría y realizaría proxy de unas peticiones distribuidas usando unas credenciales... • https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 35%CPEs: 1EXPL: 0CVE-2021-29262 – Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
https://notcve.org/view.php?id=CVE-2021-29262
13 Apr 2021 — When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. Cuando se inicia Apache Solr versiones anteriores a 8.8.2, configuradas con la fu... • https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79%40%3Coak-issues.jackrabbit.apache.org%3E • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 4CVE-2021-27905 – SSRF vulnerability with the Replication handler
https://notcve.org/view.php?id=CVE-2021-27905
13 Apr 2021 — The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to i... • https://github.com/murataydemir/CVE-2021-27905 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2020-13941
https://notcve.org/view.php?id=CVE-2020-13941
17 Aug 2020 — Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. Reportado en SOLR-14515 (privado) y corregido en SOLR-14561 (público), publicado en Solr versió... • https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11802
https://notcve.org/view.php?id=CVE-2018-11802
01 Apr 2020 — In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). En Apache Solr, el clúster puede ser particionad... • https://www.openwall.com/lists/oss-security/2019/04/24/1 • CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 93%CPEs: 4EXPL: 5CVE-2019-0193 – Apache Solr DataImportHandler Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-0193
01 Aug 2019 — In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enab... • https://github.com/jas502n/CVE-2019-0193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2017-3163 – solr: Directory traversal via Index Replication HTTP API
https://notcve.org/view.php?id=CVE-2017-3163
30 Aug 2017 — When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would g... • https://access.redhat.com/errata/RHSA-2018:1447 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-8795
https://notcve.org/view.php?id=CVE-2015-8795
15 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. Múltiples vulnerabilidades de XSS en la Admin UI en Apache Solr en versiones anteriores a 5.1 permiten a atacantes remotos inyectar secuencias de... • https://issues.apache.org/jira/browse/SOLR-7346 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •