HTTP: Apache Solr ReplicationHandler Server-Side Request Forgery

This signature detects attempts to exploit a known vulnerability against Apache Solr. A successful attack can lead to arbitrary code execution.

Extended Description

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr accepts a "masterUrl" parameter (also available under the alias "leaderUrl") that designates the ReplicationHandler of another Solr core from which index data is replicated into the local core. To prevent an SSRF vulnerability, Solr ought to validate this parameter against a configuration like the one it already applies to the "shards" parameter. Prior to the fix it did not. The problem affects essentially all Solr versions prior to the fix in 8.8.2.
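The following is an added example, not Solr's own code and not part of this signature. It shows the kind of allow-list check the description says a ReplicationHandler request needs: the host named in "masterUrl" or "leaderUrl" must be on an approved list before it is treated as a replication source. The allow-list contents, the helper names, and the sample request targets are all constructed for the example.

```python
"""Allow-list check for Solr ReplicationHandler source URLs.

Added example: mirrors the mitigation described above (validate the
replication source host the way the "shards" parameter is validated).
None of this is Solr's own code.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list of hostnames this node may replicate from (assumption).
ALLOWED_HOSTS = {"solr-leader.internal"}

# The parameter and its alias, as named in the description above.
SOURCE_PARAMS = ("masterUrl", "leaderUrl")


def is_replication_endpoint(request_target):
    """True when the request path ends in the ReplicationHandler path."""
    return urlsplit(request_target).path.rstrip("/").endswith("/replication")


def replication_sources(request_target):
    """Return non-empty masterUrl/leaderUrl values from a request target."""
    if not is_replication_endpoint(request_target):
        return []
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    urls = []
    for name in SOURCE_PARAMS:
        urls.extend(v for v in query.get(name, []) if v)
    return urls


def check_replication_request(request_target, allowed_hosts=ALLOWED_HOSTS):
    """Classify one request target.

    Returns:
      "not-replication" - path is not a ReplicationHandler endpoint
      "no-source"       - replication request without masterUrl/leaderUrl
      "allowed"         - every named source is an http(s) URL on the allow-list
      "blocked"         - at least one source is not on the allow-list
    """
    if not is_replication_endpoint(request_target):
        return "not-replication"
    sources = replication_sources(request_target)
    if not sources:
        return "no-source"
    for src in sources:
        parts = urlsplit(src)
        # Reject non-http(s) schemes, relative URLs (no host) and unknown hosts.
        if parts.scheme not in ("http", "https"):
            return "blocked"
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return "blocked"
    return "allowed"


# Constructed sample request targets (not captured traffic).
SAMPLE_REQUESTS = [
    "/solr/core1/replication?command=fetchindex"
    "&masterUrl=http://solr-leader.internal:8983/solr/core1/replication",
    "/solr/core1/replication?command=fetchindex"
    "&leaderUrl=http://10.0.0.5:8080/internal/",
    "/solr/core1/replication?command=indexversion",
    "/solr/core1/select?q=*:*",
]


def audit(requests=SAMPLE_REQUESTS):
    """Run the check over a list of request targets; returns (target, verdict) pairs."""
    return [(r, check_replication_request(r)) for r in requests]


if __name__ == "__main__":
    for target, verdict in audit():
        print(f"{verdict:16s} {target}")
```

The check keys on the hostname rather than the full netloc so that credentials embedded in the URL cannot be used to make an unapproved host look approved; a relative URL or a non-http(s) scheme is blocked outright. The same logic can be run over web-server access logs to find replication requests whose source host was never on the approved list.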

Affected Products

Apache Solr

References

CVE: CVE-2021-27905

Short Name
HTTP:APACHE:SOLR-REPLCTN-SSRF
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache CVE-2021-27905 Forgery ReplicationHandler Request Server-Side Solr
Release Date
07/01/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3847
False Positive
Frequently
Vendors

Apache

CVSS Score

7.5
