Versions Compared

Old Version 8

changes.mady.by.user Cassandra Targett

Saved on

compared with

New Version 9

changes.mady.by.user Jan Høydahl

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed old unnecessary sections

...

DateCVETitleImpacted VersionsMitigationLinks
2019-11-18CVE-2019-12409RCE vulnerability due to bad config default8.1.1-8.2.0Can be mitigated with either a Solr upgrade or a configuration change.

Mailing list announcement

Jira issue: SOLR-13647

2019-09-09CVE-2019-12401XML Bomb in Apache Solr versions prior to 5.0

1.3.0-1.4.1

3.1.0-3.6.2

4.0.0-4.10.4

Can only be mitigated with Solr upgrade.

Mailing list announcement

Jira issue: SOLR-13750

2019-07-31CVE-2019-0193Remote Code Execution via DataImportHandlerall up to 8.2.0

Can be mitigated with either a Solr upgrade or a configuration change.


Mailing list announcement

Jira issue: SOLR-13669

2019-03-06CVE-2019-0192Deserialization of untrusted data via jmx.serviceUrl

5.0.0-5.5.5

6.0.0-6.6.5

Can be mitigated with either a Solr upgrade or a configuration change.

Mailing list announcement

Jira issue: SOLR-13301

2019-02-12CVE-2017-3164SSRF issue in Apache Solr1.3.0-7.6.0Can only be mitigated with Solr upgrade.

Mailing list announcement

Jira issue: SOLR-12770

2018-04-08CVE-2018-1308XXE attack through DIH's dataConfig request parameter

1.2-6.6.2

7.0.0-7.2.1

Can be mitigated with either a Solr upgrade or a configuration change.

Mailing list announcement

Jira issue: SOLR-11971

2017-10-26CVE-2016-6809Arbitrary Code Execution Vulnerabilty in Apache Tika

1.2-6.6.1

7.0

This vulnerability is with Apache Tika versions earlier than 1.14.

A Tika dependency update was released in Solr 6.6.2 and Solr 7.1.

Can only be mitigated with Solr upgrade.

Jira issue: SOLR-10335
2017-10-18CVE-2017-12629Several XXE & RCE vulnerabilities in Apache Solr

5.5.0-5.5.4

6.0.0-6.6.1

7.0.0-7.0.1

Can be mitigated with either a Solr upgrade or a configuration change.

Mailing list announcement

Jira issues: SOLR-11482 and SOLR-11477

2017-09-18CVE-2017-9803Vulnerability in Kerberos delegation token functionality6.2.0-6.6.0Can only be mitigated with a Solr upgrade.

Mailing list announcement

Jira issue: SOLR-11184

2017-07-07CVE-2017-7660Vulnerability in secure inter-node communication

5.3.0-5.5.4

6.0.0-6.5.1

Can only be mitigated with a Solr upgrade.

Mailing list announcement

Jira issue: SOLR-10624

2017-02-15CVE-2017-3163ReplicationHandler path traversal attack1.4.0-6.4.0Can only be mitigated with a Solr upgrade.

Mailing list announcement

Jira issue: SOLR-10031

Current state of affairs

  • SSL support was added in version 4.2 (SolrCloud v4.7).
  • Protection of Zookeeper content through ACLs was added in version 5.0
  • Authentication and Authorization plugin support was added in 5.2 (SolrCloud only).
    • Several bugs in this support were fixed in 5.3, so it's strongly recommended to use 5.3 or later if this feature is desired. The general recommendation is to always use the latest released version.
  • Basic Auth & Kerberos plugins and Rule-based Authorization plugin was added in 5.3

There is (as of 5.3) no role-based restrictions on the Admin UI, so be aware that anyone with access to Admin UI will be able to do anything with your system.

Need for firewall

Even though you add SSL or Authentication plugins, it is still strongly recommended that the application server containing Solr be firewalled such the only clients with access to Solr are your own. A default/example installation of Solr allows any client with access to it to add, update, and delete documents (and of course search/read too), including access to the Solr configuration and schema files and the administrative user interface.

If there is a need to provide query access to a Solr server from the open internet, it is highly recommended to use a proxy, such as one of these.

Cross-Site Scripting (XSS)

Solr has no known cross-site scripting vulnerabilities.

Quick XSS tip:

Problem: What if you want the browser to highlight text, but you also want to protect yourself from XSS and escape the HTML output? Solution: One solution is to escape the HTML output and then reapply the em tags. Now the rest of the snippet is safe and the browser will recognize the highlighted text.

For example, with groovy/grails you could have the following in your controller:

No Format

snippet = snippet.encodeAsHTML()
snippet = snippet.replaceAll('&lt;em&gt;', '<em>')
snippet = snippet.replaceAll('&lt;/em&gt;', </em>)

Cross-Site Request Forgery (CSRF)

Even if a Solr instance is protected by good firewalls so that "bad guys" have no direct access, that instance may be at risk to potential "Cross-Site Request Forgery" based attacks if the following are all true:

  1. Some number of "good guys" have direct access to that Solr instance from their web browsers.
  2. A "bad guy" knows/guesses the host:port/path of the Solr instance (even though they can not access it directly)
  3. The bad guy can trick one of the good guy into clicking a maliciously crafted URL, or loading a webpage that contains malicious javascript.

This is because Solr's most basic behavior is to receive updates and deletes via HTTP. If you have a firewall or other security measure restricting Solr's /update handler so it only accepts connections from approved hosts/clients, but you are approved then you could inadvertently be tricked into loading a web page that initiates an HTTP Connection to Solr on your behalf.

It's important to keep this in mind when thinking about what it means to "secure" an instance of Solr (if you have not already).

A basic technique that can be used to mitigate the risk of a possible CSRF attack like this is to configure your Servlet Container so that access to paths which can modify the index (ie: /update, /update/csv, etc...) are restricted either to specific client IPs, or using HTTP Authentication.

Document Level Security

Manifold CF (Connector Framework)

One way to add document level security to your search is through Apache ManifoldCF. ManifoldCF "defines a security model for target repositories that permits them to enforce source-repository security policies".

It works by adding security tokens from the source repositories as metadata on the indexed documents. Then, at query time, a Search Component adds a filter to all queries, matching only documents the logged-in user is allowed to see. ManifoldCF supports AD security out of the box.

Write Your Own RequestHandler or SearchComponent

*Stub - this is incomplete*

If ManifoldCF does not solve your need, first consider writing a ManifoldCF plugin. Or roll your own.

If you need permission based authentication – where user A can update document 1 and 2, but not 3 – you will need to augment the request with user information. Either you can add parameters to the query string (?u=XXX&p=YYY) or use a custom dispatcher filter that augments the context:

...


Need for firewall

Even though you add SSL or Authentication plugins, it is still strongly recommended that the application server containing Solr be firewalled such the only clients with access to Solr are your own. A default/example installation of Solr allows any client with access to it to add, update, and delete documents (and of course search/read too), including access to the Solr configuration and schema files and the administrative user interface.

If there is a need to provide query access to a Solr server from the open internet, it is highly recommended to use a proxy, such as one of these.

Cross-Site Request Forgery (CSRF)

Even if a Solr instance is protected by good firewalls so that "bad guys" have no direct access, that instance may be at risk to potential "Cross-Site Request Forgery" based attacks if the following are all true:

  1. Some number of "good guys" have direct access to that Solr instance from their web browsers.
  2. A "bad guy" knows/guesses the host:port/path of the Solr instance (even though they can not access it directly)
  3. The bad guy can trick one of the good guy into clicking a maliciously crafted URL, or loading a webpage that contains malicious javascript.

This is because Solr's most basic behavior is to receive updates and deletes via HTTP. If you have a firewall or other security measure restricting Solr's /update handler so it only accepts connections from approved hosts/clients, but you are approved then you could inadvertently be tricked into loading a web page that initiates an HTTP Connection to Solr on your behalf.

It's important to keep this in mind when thinking about what it means to "secure" an instance of Solr (if you have not already).

A basic technique that can be used to mitigate the risk of a possible CSRF attack like this is to configure your Servlet Container so that access to paths which can modify the index (ie: /update, /update/csv, etc...) are restricted either to specific client IPs, or using HTTP Authentication.

Streaming Consideration

If streaming is enabled, you need to make sure Solr is as secure as it needs to be. When streaming is enabled, the parameters "stream.url" will go to a remote site and download the content. Likewise, "stream.file" will read a file on disk.

...