CVE-2021-27905

Description

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-27905
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-27905

Refrence: Project Discovery GitHub

Henry4E36

Apache Solr SSRF(CVE-2021-27905)

Refrence: GitHub

W2Ning

CVE-2021-27905

Refrence: GitHub

murataydemir

[CVE-2021-27905] Apache Solr ReplicationHandler Server Side Request Forgery (SSRF)

Refrence: GitHub

pdelteil

POC for LFI related to CVE-2021-27905

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept