CVE-2017-7660

Source
https://cve.org/CVERecord?id=CVE-2017-7660
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7660.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7660
Aliases
Published
2017-07-07T19:29:00.197Z
Modified
2026-07-08T16:07:20.971017Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucene-solr
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:solr:5.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "5.3.0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "introduced": "5.3.1"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "introduced": "5.3.2"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "introduced": "5.4.0"
        },
        {
            "last_affected": "5.4.0"
        },
        {
            "introduced": "5.4.1"
        },
        {
            "last_affected": "5.4.1"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "introduced": "5.5.1"
        },
        {
            "last_affected": "5.5.1"
        },
        {
            "introduced": "5.5.2"
        },
        {
            "last_affected": "5.5.2"
        },
        {
            "introduced": "5.5.3"
        },
        {
            "last_affected": "5.5.3"
        },
        {
            "introduced": "5.5.4"
        },
        {
            "last_affected": "5.5.4"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "6.0.1"
        },
        {
            "last_affected": "6.0.1"
        },
        {
            "introduced": "6.1.0"
        },
        {
            "last_affected": "6.1.0"
        },
        {
            "introduced": "6.2.0"
        },
        {
            "last_affected": "6.2.0"
        },
        {
            "introduced": "6.2.1"
        },
        {
            "last_affected": "6.2.1"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "last_affected": "6.3.0"
        },
        {
            "introduced": "6.4.0"
        },
        {
            "last_affected": "6.4.0"
        },
        {
            "introduced": "6.4.1"
        },
        {
            "last_affected": "6.4.1"
        },
        {
            "introduced": "6.4.2"
        },
        {
            "last_affected": "6.4.2"
        },
        {
            "introduced": "6.5.0"
        },
        {
            "last_affected": "6.5.0"
        },
        {
            "introduced": "6.5.1"
        },
        {
            "last_affected": "6.5.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

5.*
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
6.*
6.0.0
6.0.1
6.1.0
6.2.0
6.2.1
6.3.0
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7660.json"

Git / github.com/apache/solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/solr
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:solr:5.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:5.5.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "5.3.0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "introduced": "5.3.1"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "introduced": "5.3.2"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "introduced": "5.4.0"
        },
        {
            "last_affected": "5.4.0"
        },
        {
            "introduced": "5.4.1"
        },
        {
            "last_affected": "5.4.1"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "introduced": "5.5.1"
        },
        {
            "last_affected": "5.5.1"
        },
        {
            "introduced": "5.5.2"
        },
        {
            "last_affected": "5.5.2"
        },
        {
            "introduced": "5.5.3"
        },
        {
            "last_affected": "5.5.3"
        },
        {
            "introduced": "5.5.4"
        },
        {
            "last_affected": "5.5.4"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "6.0.1"
        },
        {
            "last_affected": "6.0.1"
        },
        {
            "introduced": "6.1.0"
        },
        {
            "last_affected": "6.1.0"
        },
        {
            "introduced": "6.2.0"
        },
        {
            "last_affected": "6.2.0"
        },
        {
            "introduced": "6.2.1"
        },
        {
            "last_affected": "6.2.1"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "last_affected": "6.3.0"
        },
        {
            "introduced": "6.4.0"
        },
        {
            "last_affected": "6.4.0"
        },
        {
            "introduced": "6.4.1"
        },
        {
            "last_affected": "6.4.1"
        },
        {
            "introduced": "6.4.2"
        },
        {
            "last_affected": "6.4.2"
        },
        {
            "introduced": "6.5.0"
        },
        {
            "last_affected": "6.5.0"
        },
        {
            "introduced": "6.5.1"
        },
        {
            "last_affected": "6.5.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

5.*
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
6.*
6.0.0
6.0.1
6.1.0
6.2.0
6.2.1
6.3.0
6.4.0
6.4.1
6.4.2
6.5.0
6.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7660.json"