
Vulnerability
Description
Solr is an open-source enterprise search platform written in Java.
Apache Solr is vulnerable to SSRF until version 8.8.1. Because authentication was disabled by default when Apache Solr was installed, unauthenticated attackers could use the Config API to enable requestDispatcher.requestParsers.enableRemoteStreaming, allowing them to access files.
Recommendations
Enable Authentication on All Services
Update Apache Solr to the latest version
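
To check an existing deployment for the two conditions described above, the following added example (not Beagle Security's or the Solr project's code) audits a core's `configoverlay.json`, where Config API property changes are persisted, and the cluster's `security.json`. The sample JSON documents are constructed, and treating a missing `blockUnknown` as "not enforced" is a conservative assumption of this sketch.

```python
import json

# Property named in the advisory, as nested keys under "props" in configoverlay.json.
PROP_PATH = ("requestDispatcher", "requestParsers", "enableRemoteStreaming")

# Constructed sample inputs (not taken from a real system).
SAMPLE_OVERLAY_WEAK = '{"props":{"requestDispatcher":{"requestParsers":{"enableRemoteStreaming":true}}}}'
SAMPLE_OVERLAY_CLEAN = '{"props":{"updateHandler":{"autoCommit":{"maxTime":15000}}}}'
SAMPLE_SECURITY = '{"authentication":{"class":"solr.BasicAuthPlugin","blockUnknown":true}}'


def remote_streaming_enabled(overlay):
    """True if the Config API overlay switches remote streaming on."""
    node = overlay.get("props", {})
    for key in PROP_PATH:
        if not isinstance(node, dict) or key not in node:
            return False
        node = node[key]
    # Accept both JSON true and the string "true".
    return str(node).lower() == "true"


def authentication_enforced(security):
    """True only if an authentication plugin is set and anonymous requests are blocked."""
    if not security:
        return False  # no security.json: the API is open to anyone who can reach it
    auth = security.get("authentication") or {}
    # Assumption: a missing blockUnknown is treated as not enforced.
    return bool(auth.get("class")) and auth.get("blockUnknown") is True


def audit(core, overlay_text, security_text):
    """Return a list of findings for one core; an empty list means both checks passed."""
    overlay = json.loads(overlay_text) if overlay_text else {}
    security = json.loads(security_text) if security_text else None
    findings = []
    if remote_streaming_enabled(overlay):
        findings.append(f"{core}: enableRemoteStreaming is true in configoverlay.json")
    if not authentication_enforced(security):
        findings.append(f"{core}: authentication is not enforced (security.json missing or blockUnknown not true)")
    return findings


if __name__ == "__main__":
    for line in audit("core1", SAMPLE_OVERLAY_WEAK, None):
        print(line)
```

This does not inspect `solrconfig.xml`, where the same setting can also be declared, so review that file separately.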





