Lucene search

ApacheCVE-2017-9803

HistorySep 18, 2017 - 9:29 p.m.

CVE-2017-9803

2017-09-1821:29:00

CWE-287

apache

web.nvd.nist.gov

cve-2017-9803

apache solr

kerberos

access leakage

privilege escalation

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.2%

JSON

Apache Solr’s Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Apache Solr 6.6.1 onwards.

Affected configurations

Nvd

Vulners

Node

apachesolrMatch6.2.0

apachesolrMatch6.2.1

apachesolrMatch6.3.0

apachesolrMatch6.4.0

apachesolrMatch6.4.1

apachesolrMatch6.4.2

apachesolrMatch6.5.0

apachesolrMatch6.5.1

apachesolrMatch6.6.0

VendorProductVersionCPE
apachesolr6.2.0cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*
apachesolr6.2.1cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*
apachesolr6.3.0cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*
apachesolr6.4.0cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*
apachesolr6.4.1cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*
apachesolr6.4.2cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*
apachesolr6.5.0cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*
apachesolr6.5.1cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*
apachesolr6.6.0cpe:2.3:a:apache:solr:6.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	solr	6.2.0	cpe:2.3:a:apache:solr:6.2.0:::::::*
apache	solr	6.2.1	cpe:2.3:a:apache:solr:6.2.1:::::::*
apache	solr	6.3.0	cpe:2.3:a:apache:solr:6.3.0:::::::*
apache	solr	6.4.0	cpe:2.3:a:apache:solr:6.4.0:::::::*
apache	solr	6.4.1	cpe:2.3:a:apache:solr:6.4.1:::::::*
apache	solr	6.4.2	cpe:2.3:a:apache:solr:6.4.2:::::::*
apache	solr	6.5.0	cpe:2.3:a:apache:solr:6.5.0:::::::*
apache	solr	6.5.1	cpe:2.3:a:apache:solr:6.5.1:::::::*
apache	solr	6.6.0	cpe:2.3:a:apache:solr:6.6.0:::::::*

CNA Affected

[
  {
    "product": "Apache Solr",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0 to 6.6.0"
      }
    ]
  }
]