CVE-2017-3163

solr: Directory traversal via Index Replication HTTP API

  • Severity Score (CVSS v3): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2016-12-05 CVE Reserved
  • 2017-08-30 CVE Published
  • 2024-02-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product  Version   Other  Status
Apache  Solr     <= 5.5.3  -      Affected
Apache  Solr     6.0.0     -      Affected
Apache  Solr     6.0.1     -      Affected
Apache  Solr     6.1.0     -      Affected
Apache  Solr     6.2.0     -      Affected
Apache  Solr     6.2.1     -      Affected
Apache  Solr     6.3.0     -      Affected
Apache  Solr     6.4.0     -      Affected