[AMBARI-25169] Upgrade Apache Solr version to 7.7.0 or later in Ambari - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.7.3
Fix Version/s: 2.7.4
Component/s: ambari-infra
Labels:
- pull-request-available

Description

CVE-2017-3164 SSRF issue in Apache Solr

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
Apache Solr versions from 1.3 to 7.6.0

Description:
The "shards" parameter does not have a corresponding whitelist mechanism,
so it can request any URL.

Mitigation:
Upgrade to Apache Solr 7.7.0 or later.
Ensure your network settings are configured so that only trusted traffic is
allowed to ingress/egress your hosts running Solr.

Credit:
dk from Chaitin Tech

References:
https://issues.apache.org/jira/browse/SOLR-12770
https://wiki.apache.org/solr/SolrSecurity

Attachments

Issue Links

links to

GitHub Pull Request #2834

Activity

People

Assignee:: Krisztian Kasa

Reporter:: Krisztian Kasa

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Feb/19 08:47

Updated:: 05/Mar/19 12:14

Resolved:: 05/Mar/19 12:14

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 50m