I believe these are all related to exposed API/admin endpoints, so your network is probably protecting you, but poor input sanitization could expose you, of course, like /myappsearch?search=../../replication?evilpayload (classic SQL-style injection).
If you have, literally, removed the handlers for those URL endpoints from your config, I think you are pretty safe.

On Fri, Jun 18, 2021 at 6:54 AM Anchal Sharma2 <[email protected]> wrote:
>
> Hi All,
>
> We are currently using Solr Cloud (Solr version 8.6.3) in our application. Since it doesn't use the master-slave Solr approach, we do not have a replication handler set up (to replicate master to slave) on any of our Solr nodes. Could someone please confirm if the following vulnerability is still applicable for us?
>
> CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability
> Description: A critical vulnerability was found in Apache Solr up to 8.8.1 (CVSS 9.8). Affected by this vulnerability is an unknown code block of the file /replication; the manipulation of the argument masterUrl/leaderUrl with an unknown input can lead to a privilege escalation vulnerability.
> *Note: There are now POCs targeting CVE-2021-27905 (Apache Solr <= 8.8.1 SSRF), CVE-2017-12629 (Remote Code Execution via SSRF), and CVE-2019-0193 (DataImportHandler). There are also Metasploit modules for the Apache Solr Velocity RCE, and two Apache OFBiz vulnerabilities. Given the number of vulnerabilities, severity, and availability of POCs, it is highly recommended that any vulnerable systems be patched as soon as possible.
>
> Thanks
> Anchal Sharma
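
Added example, not part of the original thread and not Solr project code: one way to check reverse-proxy access logs for the two exposure paths discussed above, direct requests to `/replication` (with or without `masterUrl`/`leaderUrl`) and the handler path carried inside another endpoint's parameter value. The log lines, hosts, verdict labels and the `classify`/`scan` names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names from the CVE-2021-27905 description quoted in the thread.
SSRF_PARAMS = {"masterurl", "leaderurl"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Jun/2021:06:50:01 +0000] "GET /solr/products/select?q=laptop HTTP/1.1" 200 512',
    '10.0.0.9 - - [18/Jun/2021:06:51:12 +0000] "GET /solr/products/replication?wt=json HTTP/1.1" 200 310',
    '10.0.0.9 - - [18/Jun/2021:06:51:40 +0000] "GET /solr/products/replication?masterUrl=http://internal.example/ HTTP/1.1" 200 98',
    '10.0.0.7 - - [18/Jun/2021:06:52:03 +0000] "GET /myappsearch?search=..%252F..%252Freplication%3FleaderUrl%3Dx HTTP/1.1" 200 40',
]

def _fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded paths are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return a verdict string for one request target, or None if unremarkable."""
    parts = urlsplit(target)
    path = _fully_decode(parts.path).lower().rstrip("/")
    params = parse_qsl(parts.query, keep_blank_values=True)
    if path.endswith("/replication"):
        names = {name.lower() for name, _ in params}
        return "replication+url-param" if names & SSRF_PARAMS else "replication"
    # An application endpoint whose parameter value names the handler path.
    if any("/replication" in _fully_decode(v).lower() for _, v in params):
        return "smuggled"
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```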
