Apache Solr SSRF CVE-2017-3164
Description
Apache Solr versions prior to 7.7.0 contain a Server Side Request Forgery (SSRF) vulnerability in the select handler (CVE-2017-3164). This flaw allows unauthenticated remote attackers to force the Solr server to make arbitrary HTTP requests to internal network resources, potentially exposing sensitive services and data that are not directly accessible from the internet.
Remediation
Upgrade Apache Solr to version 7.7.0 or later, which contains a fix for CVE-2017-3164. Follow these steps:
1. Back up your data: Create a complete backup of your Solr indexes and configuration files before upgrading.
2. Download and install: Obtain Apache Solr 7.7.0 or the latest stable version from the official Apache Solr website.
3. Test the upgrade: Deploy the updated version in a staging environment first to ensure compatibility with your application.
4. Apply network controls: As an additional defense-in-depth measure, implement firewall rules to restrict outbound connections from the Solr server to only necessary services.
5. Verify the fix: After upgrading, test that the SSRF vulnerability has been remediated by attempting to reproduce the issue in a controlled manner.
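One way to confirm step 2 and the version part of step 5 across a fleet is to read each instance's reported version from the Solr admin system-info endpoint and compare it numerically against 7.7.0 (a plain string comparison would wrongly rank 7.10.0 below 7.7.0). This is an added example, not code from the advisory or from the Apache Solr project; the base URL and the sample response body are assumptions.

```python
import json
import re
from urllib.request import urlopen

# First release that contains the fix for CVE-2017-3164 (from the advisory above).
FIXED_VERSION = "7.7.0"


def parse_version(v):
    """Turn a Solr version string such as '7.10.2' or '8.0.0-SNAPSHOT' into a numeric tuple."""
    nums = re.findall(r"\d+", v.split("-")[0])
    return tuple(int(n) for n in nums)


def is_vulnerable(version):
    """True when the reported version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_system_info(system_info_json):
    """Extract the Solr spec version from the /admin/info/system JSON response."""
    data = json.loads(system_info_json)
    return data["lucene"]["solr-spec-version"]


def check_solr(base_url, fetch=urlopen):
    """Query one instance's system info and report (version, vulnerable?).

    base_url is an assumption for illustration, e.g. 'http://localhost:8983/solr';
    fetch is injectable so the logic can be exercised offline.
    """
    with fetch(base_url + "/admin/info/system?wt=json") as resp:
        version = version_from_system_info(resp.read().decode())
    return version, is_vulnerable(version)


# Constructed sample response body; not captured from a real server.
SAMPLE_SYSTEM_INFO = '{"lucene": {"solr-spec-version": "7.6.0", "lucene-spec-version": "7.6.0"}}'

if __name__ == "__main__":
    v = version_from_system_info(SAMPLE_SYSTEM_INFO)
    print(v, "needs upgrade" if is_vulnerable(v) else "at or above fixed version")
```

A version at or above 7.7.0 only shows the upgrade landed; the egress restrictions from step 4 still need to be verified separately.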