CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2021-44548 – Apache Solr information disclosure vulnerability through DataImportHandler
https://notcve.org/view.php?id=CVE-2021-44548
23 Dec 2021 — An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in... • https://security.netapp.com/advisory/ntap-20220114-0005 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share) •
CVSS: 9.1EPSS: 5%CPEs: 1EXPL: 0CVE-2021-29943 – Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections
https://notcve.org/view.php?id=CVE-2021-29943
13 Apr 2021 — When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. Cuando se usa la función ConfigurableInternodeAuthHadoopPlugin para la autenticación, Apache Solr versiones anteriores a versión 8.8.2 reenviaría y realizaría proxy de unas peticiones distribuidas usando unas credenciales... • https://lists.apache.org/thread.html/r91dd0ff556e0c9aab4c92852e0e540c59d4633718ce12881558cf44d%40%3Cusers.solr.apache.org%3E • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 35%CPEs: 1EXPL: 0CVE-2021-29262 – Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings
https://notcve.org/view.php?id=CVE-2021-29262
13 Apr 2021 — When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. Cuando se inicia Apache Solr versiones anteriores a 8.8.2, configuradas con la fu... • https://lists.apache.org/thread.html/r1171f6417eeb6d5e1206d53e2b2ff2d6ee14026f8b595ef7d8a33b79%40%3Coak-issues.jackrabbit.apache.org%3E • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 4CVE-2021-27905 – SSRF vulnerability with the Replication handler
https://notcve.org/view.php?id=CVE-2021-27905
13 Apr 2021 — The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to i... • https://github.com/murataydemir/CVE-2021-27905 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2020-13941
https://notcve.org/view.php?id=CVE-2020-13941
17 Aug 2020 — Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. Reportado en SOLR-14515 (privado) y corregido en SOLR-14561 (público), publicado en Solr versió... • https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11802
https://notcve.org/view.php?id=CVE-2018-11802
01 Apr 2020 — In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin). En Apache Solr, el clúster puede ser particionad... • https://www.openwall.com/lists/oss-security/2019/04/24/1 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 32%CPEs: 3EXPL: 1CVE-2019-12401
https://notcve.org/view.php?id=CVE-2019-12401
10 Sep 2019 — Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. Las versiones de Solr 1.3.0 a 1.4.1, 3.1.0 a 3.6.2 y 4.0.0 a 4.10.4 son vulnerables a un ataque de consumo de recursos XML (también conocido como Lol Bomb) a través de su controlador de actualización. En... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201909.mbox/%3CCAECwjAXU4%3DkAo5DeUJw7Kvk67sgCmajAN7LGZQNjbjZ8gv%3DBdw%40mail.gmail.com%3E • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.0EPSS: 93%CPEs: 4EXPL: 5CVE-2019-0193 – Apache Solr DataImportHandler Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-0193
01 Aug 2019 — In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enab... • https://github.com/jas502n/CVE-2019-0193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 57%CPEs: 1EXPL: 1CVE-2017-3164
https://notcve.org/view.php?id=CVE-2017-3164
08 Mar 2019 — Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL. Hay Server-Side Request Forgery (SSRF) en Apache Solr en versiones desde la 1.3 hasta la 7.6 (inclusivas). Como el parámetro "shards" no tiene un mecanismo de introducción en lista blanca correspondiente, un atacante remoto con acceso al serv... • https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262 • CWE-918: Server-Side Request Forgery (SSRF) •