Pad
Read the CVE. Do you have an affected version of Solr? Do you have the 
replication feature enabled in solrconfig.xml? Note that it might be enabled by 
default. Test directory traversal on your system: can you read files remotely? 
No? Then you are finished.

A better plan: upgrade to a newer version of Solr (I know, you may not be able 
to).
Cheers -- Rick

On November 20, 2017 4:01:47 AM EST, padmanabhan gonesani 
<paddu.1...@gmail.com> wrote:
>Please help me here....
>
>
>
>---------- Forwarded message ----------
>From: padmanabhan gonesani <paddu.1...@gmail.com>
>Date: Mon, Nov 13, 2017 at 5:12 PM
>Subject: CVE-2017-3163 - SOLR-5.2.1 version
>To: gene...@lucene.apache.org
>
>
>
>Hi Team,
>
>*Description:* Apache Solr could allow a remote attacker to traverse
>directories on the system, caused by a flaw in the Index Replication
>feature. An attacker could send a specially-crafted request to read
>arbitrary files on the system (CVE-ID: CVE-2017-3163)
>
>Security vulnerability link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163
>
>*Apache SOLR implementation:*
>
>We are using Apache Solr-5.2.1 and replication factor=1 for index creation.
>We are using basic common SOLR features and it doesn't have the following
>features
>
>1. Index Replication
>2. Master / slave mechanism
>
>*Considering the above not implemented features will this "CVE-ID:
>CVE-2017-3163" security vulnerability have any impact?*
>
>Any help is appreciated here.
>
>
>Best Regards,
>Paddy G
>+91-8148593020
>
>
>
>-- 
>
>
>Best Regards,
>Paddy G
>+91-8148593020

-- 
Sorry for being brief. Alternate email is rickleir at yahoo dot com 
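
The solrconfig.xml check from the reply above, as an added example that is not part of the thread and not Solr project code. The function names and both sample configs are constructed for illustration. A config with no explicit entry is reported as "not-declared" rather than "off", because the reply notes the handler might be enabled by default.

```python
import xml.etree.ElementTree as ET

# Class names under which the replication handler is registered in solrconfig.xml.
REPLICATION_CLASSES = {
    "solr.ReplicationHandler",
    "org.apache.solr.handler.ReplicationHandler",
}


def find_replication_handlers(solrconfig_xml):
    """Return one dict per <requestHandler> that uses the replication class."""
    root = ET.fromstring(solrconfig_xml)
    found = []
    for handler in root.iter("requestHandler"):
        if handler.get("class") not in REPLICATION_CLASSES:
            continue
        # <lst name="master"> / <lst name="slave"> show which role is configured.
        roles = sorted(
            lst.get("name") for lst in handler.findall("lst")
            if lst.get("name") in ("master", "slave")
        )
        found.append({"name": handler.get("name"), "roles": roles})
    return found


def assess(solrconfig_xml):
    """Classify a config as 'declared' or 'not-declared' (not the same as 'off')."""
    handlers = find_replication_handlers(solrconfig_xml)
    if handlers:
        return "declared", handlers
    # No explicit entry: the handler may still be registered by default,
    # so this result has to be confirmed against the running instance.
    return "not-declared", []


# Constructed sample configs (not taken from the thread).
SAMPLE_WITH_HANDLER = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <requestHandler name="/replication" class="solr.ReplicationHandler">
    <lst name="master"><str name="replicateAfter">commit</str></lst>
  </requestHandler>
</config>"""

SAMPLE_WITHOUT_HANDLER = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""

if __name__ == "__main__":
    for label, xml_text in (("with", SAMPLE_WITH_HANDLER), ("without", SAMPLE_WITHOUT_HANDLER)):
        print(label, assess(xml_text))
```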
