I updated the description of SOLR-12770 <https://issues.apache.org/jira/browse/SOLR-12770> a bit. The problem stated is that, since the "shards" parameter allows any URL, someone could make an insecure Solr instance hit some other (secure) web endpoint. Solr would throw an exception, but the error may include information from such endpoint (parsing error). I don't believe this would allow access to a local file (though, if you know of a way, please report to secur...@lucene.apache.org)
The only way to know (to my knowledge) if your Solr instance was affected is by looking at your Solr logs. If you log queries, you should be able to see what's being included in the "shards" parameter and detect something that's not looking right. Also, if Solr is fooled to hit some other endpoint, it would fail with a parsing error, so you should probably see exceptions in your logs. The worst case, I guess, depends on how much access the Solr process has and how much damage it can cause to an adjacent web endpoint via a GET request. Note that this can only impact you if your Solr instance can be directly accessed by untrusted sources. HTH On Thu, Feb 28, 2019 at 11:54 AM Jeff Courtade <courtadej...@gmail.com> wrote: > This particular cve came out in the mailing list. Fed 12th > > > CVE-2017-3164 SSRF issue in Apache Solr > > I need to know what the exploit for this could be? > > > can a user send a bogus shards param via a web request and get a local > file? > > > What does an attack vector look like for this? > > > I am being asked specifically this... > > > - How would we know if the vulnerability in the Solr CVE was > taking advantage of? What are signs of us being exploited? What is the > worst case scenario with this CVE? > > Could someone help me answer this please? > > > > > http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN=wO5rYs6ktAX-5=-f5jdfwbbtsm2ttjebgo5j...@mail.gmail.com%3E > > > > the bug is > > > > https://issues.apache.org/jira/browse/SOLR-12770 > > > > the mitigation is upgrading to solr 7.7 >
