CVE-2017-3163: Path Traversal
First published: Wed Feb 15 2017(Updated: )
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Solr | <=5.5.3 | |
| Apache Solr | =6.0.0 | |
| Apache Solr | =6.0.1 | |
| Apache Solr | =6.1.0 | |
| Apache Solr | =6.2.0 | |
| Apache Solr | =6.2.1 | |
| Apache Solr | =6.3.0 | |
| Apache Solr | =6.4.0 | |
| debian/lucene-solr | 3.6.2+dfsg-20+deb10u2 3.6.2+dfsg-24 3.6.2+dfsg-26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2018:1447
- https://access.redhat.com/errata/RHSA-2018:1448
- https://access.redhat.com/errata/RHSA-2018:1449
- https://access.redhat.com/errata/RHSA-2018:1450
- https://access.redhat.com/errata/RHSA-2018:1451
- https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488@%3Csolr-user.lucene.apache.org%3E
- https://www.debian.org/security/2018/dsa-4124
- https://issues.apache.org/jira/browse/SOLR-10031
- https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4db
- https://security-tracker.debian.org/tracker/CVE-2017-3163
- http://lucene.472066.n3.nabble.com/SECURITY-CVE-2017-3163-Apache-Solr-ReplicationHandler-path-traversal-attack-td4320619.html
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi?id=1454783
- https://lists.apache.org/thread.html/a6a33a186f293f9f9aecf3bd39c76252bfc49a79de4321dd2a53b488%40%3Csolr-user.lucene.apache.org%3E
- collector/nvd-index
- collector/security-tracker-debian
- agent/type
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-3163
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- vendor/apache
- canonical/apache solr
- version/apache solr/5.5.3
- version/apache solr/6.0.0
- version/apache solr/6.0.1
- version/apache solr/6.1.0
- version/apache solr/6.2.0
- version/apache solr/6.2.1
- version/apache solr/6.3.0
- version/apache solr/6.4.0
- package-manager/debian