Apache Solr Parameter Injection - Vulnerability Database

Apache Solr Parameter Injection

Description

Apache Solr is an open-source enterprise search platform built on Apache Lucene, providing full-text search, faceted search, and document parsing capabilities.

This vulnerability occurs when an application fails to properly URL-encode user input before passing it to the Apache Solr web interface. Without proper encoding, attackers can inject additional query parameters into the HTTP request, potentially manipulating the behavior of Solr queries and accessing unintended functionality or data.

Remediation

Implement proper URL encoding for all user-supplied input before incorporating it into requests to the Apache Solr interface. Follow these steps:

1. Use built-in URL encoding functions provided by your programming language or framework:

// Java example
String encodedParam = URLEncoder.encode(userInput, "UTF-8");
String solrUrl = "http://solr-server/solr/core?q=" + encodedParam;

// Python example
import urllib.parse
encoded_param = urllib.parse.quote(user_input)
solr_url = f"http://solr-server/solr/core?q={encoded_param}"

// JavaScript/Node.js example
const encodedParam = encodeURIComponent(userInput);
const solrUrl = `http://solr-server/solr/core?q=${encodedParam}`;

2. Validate and sanitize input by implementing allowlists for expected characters and rejecting requests containing suspicious patterns such as '&', '=', or '%' in unexpected contexts.

3. Use parameterized queries or dedicated Solr client libraries (such as SolrJ for Java or pysolr for Python) that handle encoding automatically, rather than constructing raw HTTP requests manually.