CVE-2017-7660 (GCVE-0-2017-7660)

Vulnerability from cvelistv5 – Published: 2017-07-07 19:00 – Updated: 2024-09-16 18:13
VLAI?
Summary
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.
Severity ?
No CVSS data available.
CWE
  • Information Disclosure
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Solr Affected: 5.3 to 5.5.4
Affected: 6.0 to 6.5.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:12:28.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181127-0003/"
          },
          {
            "name": "[announce] 20170707 [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E"
          },
          {
            "name": "99485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99485"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Solr",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "5.3 to 5.5.4"
            },
            {
              "status": "affected",
              "version": "6.0 to 6.5.1"
            }
          ]
        }
      ],
      "datePublic": "2017-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either \"HttpClientInterceptorPlugin\" or \"HttpClientBuilderPlugin\", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-28T10:57:01",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181127-0003/"
        },
        {
          "name": "[announce] 20170707 [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E"
        },
        {
          "name": "99485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99485"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2017-07-07T00:00:00",
          "ID": "CVE-2017-7660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Solr",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.3 to 5.5.4"
                          },
                          {
                            "version_value": "6.0 to 6.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either \"HttpClientInterceptorPlugin\" or \"HttpClientBuilderPlugin\", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20181127-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181127-0003/"
            },
            {
              "name": "[announce] 20170707 [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr",
              "refsource": "MLIST",
              "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E"
            },
            {
              "name": "99485",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99485"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-7660",
    "datePublished": "2017-07-07T19:00:00Z",
    "dateReserved": "2017-04-11T00:00:00",
    "dateUpdated": "2024-09-16T18:13:03.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A15EC7D-D9FD-4BAF-AB39-3CDF36485557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3BE5B93-258A-4CE9-990C-3B8447A6B454\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A6ECE67-ED5D-4188-9E67-3B4C91251D20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78C579A3-DBF2-4B9A-9119-DD7854D1B74A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBB5011F-D3B0-4778-9EE6-052EFA99608D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5EABC66-0815-4B89-B0ED-2C44EC20F8DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E79098DA-B7D2-4A8A-9FD8-B1B4330DBA75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3541C154-9A45-4331-8C15-B0BABE388058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F38C7034-7432-4530-8CFC-A04F08300074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:5.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DE8EEE3-1EC6-4277-86CA-6AF6CC5B7928\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29F3170C-C5D6-431F-A2DD-692636CF5DAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA339070-A2BD-4559-B400-2BC2EB9923A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B737CF14-C14A-4D97-B838-47EC4A2C68C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036F935D-B469-47C6-AF5D-3DFC73070753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42A1A17A-32EA-40A2-9A1E-6019B493B5C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76557E9C-1F16-44D9-ACA1-F4DAEC966F05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE068A02-D47A-4C6C-BFD3-040385599CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CB3F9EB-63DE-4780-A357-FE89D1DB70CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"099B5DFD-CCD9-4EE7-B49E-77EC286D5F19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"745CE558-1411-4356-9B79-2805FB4C80D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9B41559-4695-467E-B7EA-B9D86127CFD7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either \\\"HttpClientInterceptorPlugin\\\" or \\\"HttpClientBuilderPlugin\\\", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.\"}, {\"lang\": \"es\", \"value\": \"Apache Solr utiliza un mecanismo basado en PKI para proteger la comunicaci\\u00f3n entre nodos cuando la seguridad est\\u00e1 habilitada. Es posible crear un nombre de nodo especialmente elaborado que no existe como parte del cl\\u00faster y apunta hacia un nodo malicioso. Esto puede enga\\u00f1ar a los nodos del cl\\u00faster para creer que el nodo malicioso es un miembro del cl\\u00faster. Por lo tanto, si los usuarios de Solr han habilitado el mecanismo de autenticaci\\u00f3n BasicAuth mediante BasicAuthPlugin o si el usuario ha implementado un complemento de autenticaci\\u00f3n personalizado, que no implementa \\\"HttpClientInterceptorPlugin\\\" o \\\"HttpClientBuilderPlugin\\\", sus servidores son vulnerables a este ataque. Los usuarios que solo utilizan SSL sin autenticaci\\u00f3n b\\u00e1sica o aquellos que utilizan Kerberos no se ven afectados.\"}]",
      "id": "CVE-2017-7660",
      "lastModified": "2024-11-21T03:32:24.290",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-07T19:29:00.197",
      "references": "[{\"url\": \"http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99485\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181127-0003/\", \"source\": \"security@apache.org\"}, {\"url\": \"http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99485\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181127-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7660\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-07-07T19:29:00.197\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either \\\"HttpClientInterceptorPlugin\\\" or \\\"HttpClientBuilderPlugin\\\", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.\"},{\"lang\":\"es\",\"value\":\"Apache Solr utiliza un mecanismo basado en PKI para proteger la comunicaci\u00f3n entre nodos cuando la seguridad est\u00e1 habilitada. Es posible crear un nombre de nodo especialmente elaborado que no existe como parte del cl\u00faster y apunta hacia un nodo malicioso. Esto puede enga\u00f1ar a los nodos del cl\u00faster para creer que el nodo malicioso es un miembro del cl\u00faster. Por lo tanto, si los usuarios de Solr han habilitado el mecanismo de autenticaci\u00f3n BasicAuth mediante BasicAuthPlugin o si el usuario ha implementado un complemento de autenticaci\u00f3n personalizado, que no implementa \\\"HttpClientInterceptorPlugin\\\" o \\\"HttpClientBuilderPlugin\\\", sus servidores son vulnerables a este ataque. Los usuarios que solo utilizan SSL sin autenticaci\u00f3n b\u00e1sica o aquellos que utilizan Kerberos no se ven afectados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A15EC7D-D9FD-4BAF-AB39-3CDF36485557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BE5B93-258A-4CE9-990C-3B8447A6B454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A6ECE67-ED5D-4188-9E67-3B4C91251D20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78C579A3-DBF2-4B9A-9119-DD7854D1B74A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBB5011F-D3B0-4778-9EE6-052EFA99608D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5EABC66-0815-4B89-B0ED-2C44EC20F8DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E79098DA-B7D2-4A8A-9FD8-B1B4330DBA75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3541C154-9A45-4331-8C15-B0BABE388058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38C7034-7432-4530-8CFC-A04F08300074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DE8EEE3-1EC6-4277-86CA-6AF6CC5B7928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F3170C-C5D6-431F-A2DD-692636CF5DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA339070-A2BD-4559-B400-2BC2EB9923A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B737CF14-C14A-4D97-B838-47EC4A2C68C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036F935D-B469-47C6-AF5D-3DFC73070753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A1A17A-32EA-40A2-9A1E-6019B493B5C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76557E9C-1F16-44D9-ACA1-F4DAEC966F05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE068A02-D47A-4C6C-BFD3-040385599CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CB3F9EB-63DE-4780-A357-FE89D1DB70CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"099B5DFD-CCD9-4EE7-B49E-77EC286D5F19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"745CE558-1411-4356-9B79-2805FB4C80D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9B41559-4695-467E-B7EA-B9D86127CFD7\"}]}]}],\"references\":[{\"url\":\"http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99485\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181127-0003/\",\"source\":\"security@apache.org\"},{\"url\":\"http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181127-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.