Re: Vulnerability on solr port

2022-04-07 Thread Vincenzo D'Amore
This also means that if Solr is reachable from the outside via reverse proxy (this should never happen btw) the issue can be mitigated by configuring the reverse proxy with the internal network Solr hostname instead of the internal network ip address. On Fri, Apr 8, 2022 at 8:42 AM Vincenzo D'Am

Re: Vulnerability on solr port

2022-04-07 Thread Vincenzo D'Amore
I agree that a relative redirect without the ip/hostname of the server, and not even the port should solve the security issue in a fairly simple way. Just another thing I tried to do a couple of calls by myself: curl -vv localhost:8983/ 7 err < HTTP/1.1 302 Found < Loc

Re: Vulnerability on solr port

2022-04-07 Thread Gus Heck
Are you assigning internal dns names to your solr servers? This possibly will allow the redirect to use the internal dns name instead, likely fooling the CVE checker program :) Just a thought on what to try if the checker-runner folks are not understanding types. As noted by the above folks, simpl

Re: Vulnerability on solr port

2022-04-07 Thread dmitri maziuk
On 2022-04-07 6:18 PM, matthew sporleder wrote: Yes I agree the point of the "vulnerability" is that an http 1.0 request (does not require a Host header) will cause the origin to guess what it should put in the Location header. In some cases that guess is the ip of the server. In an http 1.1 or

Re: Vulnerability on solr port

2022-04-07 Thread matthew sporleder
Yes I agree the point of the "vulnerability" is that an http 1.0 request (does not require a Host header) will cause the origin to guess what it should put in the Location header. In some cases that guess is the ip of the server. In an http 1.1 or higher request the host header is used. I don'

Re: Vulnerability on solr port

2022-04-07 Thread David Hastings
“IP address of the original server” is exactly the problem. A solr server doesn’t/shouldn’t have an IP address that exists outside of the internal network. So even if it didn’t get an IP it would have no vulnerabilities since it’s not a real ip. The only people or machines that can touch it are

Re: Vulnerability on solr port

2022-04-07 Thread Vincenzo D'Amore
I don't think this is the point and I agree that Solr should not be accessible from the outside world but only from a restricted number of clients. So in my opinion, the OP was trying to explain that, for example, if you make an http call to solr through a reverse proxy (or a chain of) with the pa

Re: Vulnerability on solr port

2022-04-07 Thread dmitri maziuk
On 2022-04-07 9:56 AM, Anchal Sharma2 wrote: Hi All, It took me a while to get the following information about the detected vulnerability from the security team . ... Maybe you should educate them about a vulnerability in the `ping` command: if they ping your solr server by its name, it'll t

Re: Vulnerability on solr port

2022-04-07 Thread Shawn Heisey
On 4/7/2022 8:56 AM, Anchal Sharma2 wrote: The CVE number is CVE-2000-0649. https://nvd.nist.gov/vuln/detail/CVE-2000-0649 Can anyone suggest some fixes for the said vulnerability ? NVD - CVE-2000-0649 Current Description . IIS 4.0 allows remote

Re: Vulnerability on solr port

2022-04-07 Thread David Hastings
st.gov/vuln/detail/CVE-2000-0649> > > Current Description . IIS 4.0 allows remote attackers to obtain the > internal IP address of the server via an HTTP 1.0 request for a web page > which is protected by basic authentication and has no realm defined. > > nvd.nist.gov > > > &

Re: Vulnerability on solr port

2022-04-07 Thread Jan Høydahl
a an HTTP 1.0 request for a web page which is > protected by basic authentication and has no realm defined. > nvd.nist.gov > > Thank you > Anchal Sharma > > From: Davis, Daniel (NIH/NLM) [C] > Sent: Wednesday, February 16, 2022 9:58 PM >

RE: Vulnerability on solr port

2022-04-07 Thread Anchal Sharma2
Sharma From: Davis, Daniel (NIH/NLM) [C] Sent: Wednesday, February 16, 2022 9:58 PM To: users@solr.apache.org Cc: solr-user Subject: Re: [EXTERNAL] Re: Vulnerability on solr port If the port is proxied to something else, maybe by a load balancer, then disclosing the IP address

Re: [EXTERNAL] Re: Vulnerability on solr port

2022-02-16 Thread Davis, Daniel (NIH/NLM) [C]
If the port is proxied to something else, maybe by a load balancer, then disclosing the IP address in an HTTP header could be an issue. The scanner doesn't know whether the port is proxied elsewhere. On 2/14/22, 8:29 AM, "matthew sporleder" wrote: CAUTION: This email originated from outs

Re: Vulnerability on solr port

2022-02-14 Thread Andy Lester
> On Feb 14, 2022, at 3:35 AM, Anchal Sharma2 > wrote: > > We have got following vulnerability on port where apache solr is running on > few of our servers .Does anyone have any ideas/suggestions on how to mitigate > this ? > Vulnerability -> Web Server HTTP Heade

Re: Vulnerability on solr port

2022-02-14 Thread matthew sporleder
So you scanned an internal IP address and somehow disclosed the internal IP address? On Mon, Feb 14, 2022 at 4:36 AM Anchal Sharma2 wrote: > > Hi All, > > We have got following vulnerability on port where apache solr is running on > few of our servers .Does anyone have any ideas/suggestions on h

Vulnerability on solr port

2022-02-14 Thread Anchal Sharma2
Hi All, We have got following vulnerability on port where apache solr is running on few of our servers. Does anyone have any ideas/suggestions on how to mitigate this? Vulnerability -> Web Server HTTP Header Internal IP Disclosure 8983 Thanks Anchal Sharma