CVE-2021-44548
Vulnerability from cvelistv5
Published
2021-12-23 08:55
Modified
2024-08-04 04:25
Severity ?
Summary
Apache Solr information disclosure vulnerability through DataImportHandler
References
security@apache.orghttps://security.netapp.com/advisory/ntap-20220114-0005/Third Party Advisory
security@apache.orghttps://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandlerVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:25:16.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220114-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Apache Solr",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "8.11.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Apache Solr would like to thank LaiHan of Nsfocus security team for reporting the issue"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-40",
              "description": "CWE-40: Path Traversal: \u0027\\\\UNC\\share\\name\\\u0027 (Windows UNC Share)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-14T06:06:11",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220114-0005/"
        }
      ],
      "source": {
        "defect": [
          "SOLR-15826"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Solr information disclosure vulnerability through DataImportHandler",
      "workarounds": [
        {
          "lang": "en",
          "value": "Upgrade to Solr 8.11.1, and/or ensure only trusted clients can make requests to Solr\u0027s DataImport handler."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-44548",
          "STATE": "PUBLIC",
          "TITLE": "Apache Solr information disclosure vulnerability through DataImportHandler"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Solr",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_value": "8.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Apache Solr would like to thank LaiHan of Nsfocus security team for reporting the issue"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-40: Path Traversal: \u0027\\\\UNC\\share\\name\\\u0027 (Windows UNC Share)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler",
              "refsource": "MISC",
              "url": "https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220114-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220114-0005/"
            }
          ]
        },
        "source": {
          "defect": [
            "SOLR-15826"
          ],
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Upgrade to Solr 8.11.1, and/or ensure only trusted clients can make requests to Solr\u0027s DataImport handler."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-44548",
    "datePublished": "2021-12-23T08:55:09",
    "dateReserved": "2021-12-04T00:00:00",
    "dateUpdated": "2024-08-04T04:25:16.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-44548\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-12-23T09:15:06.693\",\"lastModified\":\"2022-08-09T13:28:40.967\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada en DataImportHandler de Apache Solr permite a un atacante proporcionar una ruta UNC de Windows que resulta en una llamada de red SMB que es hecha desde el host Solr a otro host en la red. Si el atacante presenta un acceso m\u00e1s amplio a la red, esto puede conllevar a ataques SMB, que pueden resultar en: * La exfiltraci\u00f3n de datos confidenciales como los hashes de usuario del Sistema Operativo (hashes NTLM/LM), * En caso de sistemas configurados inapropiadamente, ataques de retransmisi\u00f3n SMB que pueden conllevar a una suplantaci\u00f3n de usuarios en recursos compartidos SMB o, en el peor de los casos, una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta a todas las versiones de Apache Solr anteriores a 8.11.1. Este problema s\u00f3lo afecta a Windows\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-40\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.11.1\",\"matchCriteriaId\":\"ABDB705B-5A94-4FF9-B292-0977F7CE5255\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20220114-0005/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.