CVE-2021-27905

Published: 13/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" parameter (with a "leaderUrl" alias) that designates another ReplicationHandler on another Solr core from which to replicate index data into the local core. To prevent an SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Before the fix, it did not. The problem affects essentially all Solr versions prior to 8.8.2, where it was fixed.

Vulnerable Product

apache solr

Vendor Advisories

The ReplicationHandler (normally registered at "/replication" under a Solr core) has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a server-side request forgery (SSRF) vulnerability, Solr ought to check these paramete ...

Github Repositories

Apache Solr SSRF(CVE-2021-27905)

Solr-SSRF: Apache Solr SSRF. Use: [-] Apache Solr SSRF vulnerability (CVE-2021-27905) [-] Options: -h or --help : usage instructions; -u or --url : site URL; -d or --dnslog : DnsLog. E.g. python3 CVE-2021-27905py -u URL -d dnslog

POC for LFI related to CVE-2021-27905

CVE-2021-27905POC: POC for LFI related to CVE-2021-27905. POC for apache-solr-file-read nuclei template. Use: traversesh path. For example, using /root as path will display the content of all files (recursively): > /traversesh /root. It's also possible to traverse and get the content of every file on the server (with reading privileges, obviously): > /traverse

CVE-2021-27905

Solr-SSRF CVE-2021-27905. The repeat package in the Burp file contains the specific reproduction steps. The POC is a detection plugin for Xray.

[CVE-2021-27905] Apache Solr ReplicationHandler Server Side Request Forgery (SSRF)

Apache Solr (stands for Searching On Lucene with Replication) is a free, open-source search engine based on the Apache Lucene library. Written in Java, Apache Solr has RESTful XML/HTTP and JSON APIs and client libraries for many programming languages such as Java, Python, Ruby, C#, PHP, and ma

References

CWE-918
https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
https://security.netapp.com/advisory/ntap-20210611-0009/
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/rae9ccaecce9859f709ed1458545d90a4c07163070dc98b5e9e59057f%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r720a4a0497fc90bad5feec8aa18b777912ee15c7eeb5f882adbf523e%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/re9d64bb8e5dfefddcbf255adb4559e13a0df5b818da1b9b51329723f%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/rd232d77c57a8ce172359ab098df9512d8b37373ab87c444be911b430%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r78a3a4f1138a1608b0c6d4a2ee7647848c1a20b0d5c652cd9b02c25a%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r6ccec7fc54d82591b23c143f1f6a6e38f6e03e75db70870e4cb14a1a%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r8f1152a43c36d878bbeb5a92f261e9efaf3af313b033d7acfccea59d%40%3Cnotifications.ofbiz.apache.org%3E
https://nvd.nist.gov
https://github.com/Henry4E36/Solr-SSRF
https://security.archlinux.org/CVE-2021-27905