Yes, this looks like an IIS problem. IIS is on version 10, "Current Description . IIS 4.0 allows remote......"
there is no reason IIS 4.0 should be running, ever On Thu, Apr 7, 2022 at 3:00 PM Jan Høydahl <jan....@cominvent.com> wrote: > Hi, > > Solr is not a web server that is accessible to someone on the outside of > your firewall. > I.e. users on the outside will never issue requests direclty or indirectly > directly to Solr, unless you have exposed the raw Solr server through a > simple reverse proxy or similar, which is a big no-no. > What happens when you request http://solr-ip:8983/ <http://solr-ip:8983/> > is that there is no content there, so you get redirected to Solr's "webapp" > on /solr/. > The "Location: http..." is a Http 302 redirect message. > > Again, human users will never have direct access to Solr server, and if > they do they are already on the inside of your network and already know > Solr's IP address. > > Thus, this is not a vulnerability like it would perhaps be for an IIS > server that is designed to be end-user facing. > > Jan > > > 7. apr. 2022 kl. 16:56 skrev Anchal Sharma2 <anchs...@in.ibm.com>: > > > > Hi All, > > > > It took me a while to get the following information about the detected > vulnerability from the security team .The officially used security tool was > able to exploit the issue using the following request : > > > > GET / HTTP/1.0 > > Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 > > Accept-Language: en > > Connection: Close > > User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; > Trident/4.0) > > Pragma: no-cache > > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, > */* > > > > > > > > > > This produced the following truncated output (limited to 10 lines) : > > ------------------------------ snip ------------------------------ > > Location: http://<IP address>:8983/solr/ > > > > > > ------------------------------ snip ------------------------------ > > > > The CVE number is CVE-2000-0649. > https://nvd.nist.gov/vuln/detail/CVE-2000-0649 Can anyone suggest some > fixes for the said vulnerability ? > > NVD - CVE-2000-0649<https://nvd.nist.gov/vuln/detail/CVE-2000-0649> > > Current Description . IIS 4.0 allows remote attackers to obtain the > internal IP address of the server via an HTTP 1.0 request for a web page > which is protected by basic authentication and has no realm defined. > > nvd.nist.gov > > > > Thank you > > Anchal Sharma > > ________________________________ > > From: Davis, Daniel (NIH/NLM) [C] <daniel.da...@nih.gov.INVALID> > > Sent: Wednesday, February 16, 2022 9:58 PM > > To: users@solr.apache.org <users@solr.apache.org> > > Cc: solr-user <solr-u...@lucene.apache.org> > > Subject: Re: [EXTERNAL] Re: Vulnerability on solr port > > > > If the port is proxied to something else, maybe by a load balancer, then > disclosing the IP address in an HTTP header could be an issue. The scanner > doesn't know whether the port is proxied elsewhere. > > > > On 2/14/22, 8:29 AM, "matthew sporleder" <msporle...@gmail.com> wrote: > > > > CAUTION: This email originated from outside of the organization. Do > not click links or open attachments unless you recognize the sender and are > confident the content is safe. > > > > > > So you scanned an internal IP address and somehow disclosed the > > internal IP address? > > > > On Mon, Feb 14, 2022 at 4:36 AM Anchal Sharma2 <anchs...@in.ibm.com> > wrote: > >> > >> Hi All, > >> > >> We have got following vulnerability on port where apache solr is > running on few of our servers .Does anyone have any ideas/suggestions on > how to mitigate this ? > >> Vulnerability -> Web Server HTTP Header Internal IP Disclosure 8983 > >> > >> Thanks > >> Anchal Sharma > > > >
