Hi All,

It took me a while to get the following information about the detected 
vulnerability from the security team. The officially used security tool was 
able to exploit the issue using the following request:

GET / HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*




This produced the following truncated output (limited to 10 lines):
------------------------------ snip ------------------------------
Location: http://<IP address>:8983/solr/


------------------------------ snip ------------------------------

The CVE number is CVE-2000-0649. https://nvd.nist.gov/vuln/detail/CVE-2000-0649
Can anyone suggest some fixes for the said vulnerability?

NVD - CVE-2000-0649 <https://nvd.nist.gov/vuln/detail/CVE-2000-0649>
Current Description: IIS 4.0 allows remote attackers to obtain the internal IP 
address of the server via an HTTP 1.0 request for a web page which is protected 
by basic authentication and has no realm defined.

Thank you
Anchal Sharma
________________________________
From: Davis, Daniel (NIH/NLM) [C] <daniel.da...@nih.gov.INVALID>
Sent: Wednesday, February 16, 2022 9:58 PM
To: users@solr.apache.org <users@solr.apache.org>
Cc: solr-user <solr-u...@lucene.apache.org>
Subject: Re: [EXTERNAL] Re: Vulnerability on solr port

If the port is proxied to something else, maybe by a load balancer, then 
disclosing the IP address in an HTTP header could be an issue.  The scanner 
doesn't know whether the port is proxied elsewhere.

On 2/14/22, 8:29 AM, "matthew sporleder" <msporle...@gmail.com> wrote:

    So you scanned an internal IP address and somehow disclosed the
    internal IP address?

    On Mon, Feb 14, 2022 at 4:36 AM Anchal Sharma2 <anchs...@in.ibm.com> wrote:
    >
    > Hi All,
    >
    > We have got the following vulnerability on the port where Apache Solr is
    > running on a few of our servers. Does anyone have any ideas/suggestions on
    > how to mitigate this?
    > Vulnerability ->  Web Server HTTP Header Internal IP Disclosure 8983
    >
    > Thanks
    > Anchal Sharma

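A way to re-check the finding discussed in this thread, as an added example that is not part of any message above: `leaked_addresses` flags private, loopback or link-local IPv4 literals in response headers such as the `Location` line the scanner reported, and `fetch_head` sends the same kind of HTTP/1.0 request without a `Host` header to a server you operate. The function names, the sample responses and the host name in them are constructed for illustration.

```python
import ipaddress
import re
import socket

# The scanner's request from the thread, reduced to what matters here:
# HTTP/1.0 with no Host header.
PROBE = b"GET / HTTP/1.0\r\nConnection: close\r\n\r\n"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def fetch_head(host, port, timeout=5.0):
    """Send PROBE to a server you operate and return the raw response head."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(PROBE)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")

def leaked_addresses(head):
    """Return (header name, address) pairs for non-public IPv4 literals."""
    hits = []
    for line in head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
            if addr.is_private or addr.is_loopback or addr.is_link_local:
                hits.append((name.strip(), text))
    return hits

# Constructed sample responses (not captured from a real server).
SAMPLE_LEAK = ("HTTP/1.1 302 Found\r\n"
               "Location: http://10.20.30.40:8983/solr/\r\n"
               "Content-Length: 0")
SAMPLE_OK = ("HTTP/1.1 302 Found\r\n"
             "Location: http://search.example.org/solr/\r\n"
             "Content-Length: 0")

if __name__ == "__main__":
    print(leaked_addresses(SAMPLE_LEAK))
    print(leaked_addresses(SAMPLE_OK))
```

Running `leaked_addresses(fetch_head(host, 8983))` before and after a configuration change shows whether the redirect still carries an internal address.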