Apache solr service exposed - Vulnerability Database

Apache solr service exposed

Description

Apache Solr is an open-source enterprise search platform that provides full-text search, indexing, and data analysis capabilities. The Solr Admin Console is a web-based interface that provides administrative access to the Solr instance, including system configuration, core management, query execution, and detailed system information.

This vulnerability occurs when the Solr Admin Console is accessible from external networks without proper access controls. Exposing this administrative interface allows unauthorized users to view sensitive system information, execute queries against indexed data, and potentially modify configurations. This represents a significant security misconfiguration that should not exist in production environments.

Remediation

Restrict access to the Apache Solr Admin Console by implementing network-level access controls. This can be accomplished through one or more of the following methods:

1. Configure firewall rules to allow access only from trusted IP addresses or internal networks.

2. Implement authentication by enabling Solr's built-in authentication plugin. Add the following to your security.json file. Note that the credentials value is not the plaintext or an "encrypted" password but the salted SHA-256 hash in the format Solr's BasicAuthPlugin expects, and that "blockUnknown": true makes Solr reject requests that carry no credentials at all:

{
  "authentication":{
    "blockUnknown": true,
    "class":"solr.BasicAuthPlugin",
    "credentials":{"solr":"encrypted_password_here"}
  }
}

3. Use a reverse proxy (such as Apache HTTP Server or Nginx) to add an authentication layer and restrict access to the /solr path.

4. Bind Solr to localhost only if it only needs to be accessed by applications on the same server, by setting the SOLR_JETTY_HOST parameter in your Solr configuration.

After implementing these controls, verify that the Admin Console is no longer accessible from unauthorized networks.
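Step 2 above leaves the credentials value as a placeholder. The following is an added example (not part of this page and not Apache Solr's own tooling) that produces that value and a complete security.json: it assumes the hashing scheme of Solr's Sha256AuthenticationProvider (base64 of a double SHA-256 over the 32-byte salt followed by the UTF-8 password, a space, then the base64 salt); the user names and passwords are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, Optional


def solr_password_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a credential string in BasicAuthPlugin format: "<hash> <salt>".
    Assumed scheme (Solr's Sha256AuthenticationProvider):
    hash = base64(sha256(sha256(salt || utf8(password)))), salt = 32 random bytes."""
    if salt is None:
        salt = os.urandom(32)
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    digest = hashlib.sha256(digest).digest()  # second SHA-256 round over the first
    return f"{base64.b64encode(digest).decode()} {base64.b64encode(salt).decode()}"


def verify_solr_password(password: str, credential: str) -> bool:
    """Check a password against a stored "<hash> <salt>" value (constant-time compare)."""
    stored_hash, salt_b64 = credential.split(" ", 1)
    recomputed = solr_password_hash(password, base64.b64decode(salt_b64)).split(" ", 1)[0]
    return hmac.compare_digest(stored_hash, recomputed)


def build_security_config(users: Dict[str, str]) -> dict:
    """Build the security.json structure: BasicAuthPlugin enabled, unauthenticated
    requests blocked, and only hashed credentials stored (never the plaintext)."""
    return {
        "authentication": {
            "blockUnknown": True,
            "class": "solr.BasicAuthPlugin",
            "credentials": {user: solr_password_hash(pw) for user, pw in users.items()},
        }
    }


if __name__ == "__main__":
    # Constructed sample credentials; replace before deploying the file
    # (uploaded to ZooKeeper for SolrCloud, or placed in SOLR_HOME for standalone).
    print(json.dumps(build_security_config({"solr": "S3cretPassw0rd!"}), indent=2))
```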
