Security for everyone

CVE-2021-27905 Scanner

Detects 'Server-Side-Request-Forgery (SSRF)' vulnerability in Apache Solr affects v. before 8.8.2.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Source

-

Apache Solr is a widely used open-source search engine platform used by many organizations to manage their data. It is a popular choice because of its ability to handle high volumes of data and its fast speed in performing searches, making it an ideal tool for businesses with large amounts of data. Solr is normally registered at "/replication" under a Solr core, and it uses ReplicationHandler to replicate index data into the local core. 

Recently, a vulnerability, CVE-2021-27905, was detected in Apache Solr. This vulnerability affected essentially all Solr versions prior to its fix in version 8.8.2. The ReplicationHandler in Solr has a "masterUrl" parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data. To prevent a SSRF (Server-Side Request Forgery) vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. However, prior to the fix, it did not, making it extremely vulnerable to attacks.

Exploitation of this vulnerability can lead to attacks on the core, allowing attackers to execute arbitrary code in the context of the Solr instance. Attackers could also use the vulnerability to bypass firewalls and other security measures to gain access to sensitive data. In addition, attackers could use this vulnerability to launch other attacks, such as Distributed Denial of Service (DDoS) attacks.

Thanks to the pro features of the securityforeveryone.com platform, you can easily and quickly learn about vulnerabilities in your digital assets. By using this platform, you can stay ahead of potential vulnerabilities and threats, ensuring the integrity and security of your data. Don't wait until it's too late - sign up now and protect yourself against potential attacks by staying informed about the latest security threats and vulnerabilities.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture