CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type: GIT
Repo: https://github.com/apache/lucene-solr
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8655b97b27d8da470c8235683af11a8b85a2b10f

Affected versions

Other

grafts/lucene-oldest

grafts/lucene-solr-copy

grafts/lucene-solr-oldest-merged

grafts/solr-incubator-latest

grafts/solr-incubator-oldest

grafts/solr-latest

grafts/solr-oldest

history/branches/lucene-solr/LUCENE2793

history/branches/lucene-solr/docvalues

history/branches/lucene-solr/lucene2858

history/branches/lucene-solr/lucene3606

history/branches/lucene-solr/lucene3661

history/branches/lucene-solr/lucene3795_lsp_spatial_module

history/branches/lucene-solr/lucene3969

history/branches/lucene-solr/lucene4055

history/branches/lucene-solr/preflexfixes

history/branches/lucene-solr/realtime_search

history/branches/lucene-solr/solr2452

releases/lucene-solr/5.*

releases/lucene-solr/5.5.0

releases/lucene-solr/5.5.1

releases/lucene-solr/5.5.2

releases/lucene-solr/5.5.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3163.json"