
List:       oss-security
Subject:    [oss-security] CVE-2021-44548: Apache Solr information disclosure vulnerability through DataImportHa
From:       Jan_Høydahl <janhoy () apache ! org>
Date:       2021-12-18 16:03:14
Message-ID: 1a42c865-2a9b-a8c1-a422-140d180d76f7 () apache ! org

Severity: moderate

Description:

An Improper Input Validation vulnerability in DataImportHandler of Apache
Solr allows an attacker to provide a Windows UNC path resulting in an SMB
network call being made from the Solr host to another host on the network.
If the attacker has wider access to the network, this may lead to SMB
attacks, which may result in:

* The exfiltration of sensitive data such as OS user hashes (NTLM/LM
  hashes),
* In case of misconfigured systems, SMB Relay Attacks which can lead to
  user impersonation on SMB Shares or, in a worst-case scenario, Remote Code
  Execution

This issue affects all Apache Solr versions prior to 8.11.1. This issue
only affects Windows.

This issue is being tracked as SOLR-15826

Mitigation:

Upgrade to Solr 8.11.1, and/or ensure only trusted clients can make
requests to Solr's DataImport handler.

Credit:

Apache Solr would like to thank LaiHan of Nsfocus security team for
reporting the issue

References:

https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler
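
Added example, not part of the advisory and not Solr code: a log check for requests to the DataImport handler that carry a UNC path in any parameter, including percent-encoded and double-encoded forms. The /dataimport handler path, the five-field log format, the parameter name "p" and all hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: the handler is registered at a path ending in /dataimport.
HANDLER_RE = re.compile(r"/dataimport/?$", re.IGNORECASE)
# Backslash-form UNC anywhere in the value, or //host/share at its start.
UNC_RE = re.compile(r"(?:^[\\/]{2}|\\\\)[^\\/\s?]+[\\/][^\\/\s]+")

def fully_decode(value, max_rounds=3):
    # Undo repeated percent-encoding (for example %255C -> %5C -> backslash).
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_unc(value):
    return UNC_RE.search(fully_decode(value).strip()) is not None

def scan(lines):
    # Return (client, parameter, decoded value) for each suspicious request.
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the constructed five-field format
        _date, _time, client, _method, target = fields
        parts = urlsplit(target)
        if not HANDLER_RE.search(parts.path):
            continue  # only the DataImport handler is of interest here
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if is_unc(value):
                hits.append((client, name, fully_decode(value).strip()))
    return hits

# Constructed sample log (simplified format, not Solr's own request log).
SAMPLE_LOG = [
    "2021-12-20 10:00:01 10.0.0.5 GET /solr/core1/dataimport?command=status",
    "2021-12-20 10:00:07 10.0.0.9 GET /solr/core1/dataimport?p=%5C%5Cfileserver.example%5Cshare%5Cx.xml",
    "2021-12-20 10:00:09 10.0.0.9 GET /solr/core1/dataimport?p=%255C%255Cfileserver.example%255Cshare",
    "2021-12-20 10:00:12 10.0.0.7 GET /solr/core1/select?q=%5C%5Cfileserver.example%5Cshare",
    "2021-12-20 10:00:15 10.0.0.5 GET /solr/core1/dataimport?p=http://db.example/data.xml",
]

if __name__ == "__main__":
    for client, name, value in scan(SAMPLE_LOG):
        print(f"UNC path in DataImport request from {client}: {name}={value}")
```

Parameters sent in a POST body do not appear in a URL-based log, so this check complements the upgrade and access restriction above and does not replace them.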
