CVE-2021-44548

Apache Solr information disclosure vulnerability through DataImportHandler

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

Una vulnerabilidad de Comprobación de Entrada Inapropiada en DataImportHandler de Apache Solr permite a un atacante proporcionar una ruta UNC de Windows que resulta en una llamada de red SMB que es hecha desde el host Solr a otro host en la red. Si el atacante presenta un acceso más amplio a la red, esto puede conllevar a ataques SMB, que pueden resultar en: * La exfiltración de datos confidenciales como los hashes de usuario del Sistema Operativo (hashes NTLM/LM), * En caso de sistemas configurados inapropiadamente, ataques de retransmisión SMB que pueden conllevar a una suplantación de usuarios en recursos compartidos SMB o, en el peor de los casos, una ejecución de código remota. Este problema afecta a todas las versiones de Apache Solr anteriores a 8.11.1. Este problema sólo afecta a Windows

*Credits: Apache Solr would like to thank LaiHan of Nsfocus security team for reporting the issue

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-04 CVE Reserved
2021-12-23 CVE Published
2024-08-04 CVE Updated
2024-09-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-40: Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

CAPEC

References (2)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20220114-0005	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler	2022-08-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"	Solr Search vendor "Apache" for product "Solr"	< 8.11.1 Search vendor "Apache" for product "Solr" and version " < 8.11.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe