CVE-2017-7660

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7660
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7660.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7660
Aliases
Published
2017-07-07T19:29:00Z
Modified
2024-09-03T01:58:47.206214Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucene-solr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0a1dd10d5262153f4188dfa14a08ba28ec4ccb60
Last affected
2a228b3920a07f930f7afb6a42d0d20e184a943c
Last affected
31012120ebbd93744753eb37f1dbc5e654628291
Last affected
34a975ca3d4bd7fa121340e5bcbf165929e0542f
Last affected
43ab70147eb494324a1410f7a9f16a896a59bc6f
Last affected
4726c5b2d2efa9ba160b608d46a977d0a6b83f94
Last affected
48c80f91b8e5cd9b3a9b48e6184bd53e7619e7e3
Last affected
4b16c9a10c3c00cafaf1fc92ec3276a7bc7b8c95
Last affected
72f75b2503fa0aa4f0aff76d439874feb923bb0e
Last affected
764d0f19151dbff6f5fcd9fc4b2682cf934590c5
Last affected
8655b97b27d8da470c8235683af11a8b85a2b10f
Last affected
8e5d40b22a3968df065dfc078ef81cbb031f0e4a
Last affected
a66a44513ee8191e25b477372094bfa846450316
Last affected
bbe4b08cc1fb673d0c3eb4b8455f23ddc1364124
Last affected
c08f17bca0d9cbf516874d13d221ab100e5b7d58
Last affected
c7510a0fdd93329ec04c853c8557f4a3f2309eaf
Last affected
cb922f860e8f7522287b55ea4bcd1059219bc1b3
Last affected
cd1f23c63abe03ae650c75ec8ccb37762806cc75
Last affected
d218c56d3fe3b18e5b1c79e4e61f93c0b31408b6
Last affected
d57d7b14883a4b27990ee88419ac89dbed8f34bf
Last affected
f54d853a3c3a2ddcf24ee7e2c837dc4d403bc0b0

Affected versions

Other

grafts/lucene-oldest
grafts/lucene-solr-copy
grafts/lucene-solr-oldest-merged
grafts/solr-incubator-latest
grafts/solr-incubator-oldest
grafts/solr-latest
grafts/solr-oldest
history/branches/lucene-solr/LUCENE-5622
history/branches/lucene-solr/LUCENE2793
history/branches/lucene-solr/cleanup2878
history/branches/lucene-solr/docvalues
history/branches/lucene-solr/jira/lucene-5438-nrt-replication
history/branches/lucene-solr/lucene-6835
history/branches/lucene-solr/lucene-6997
history/branches/lucene-solr/lucene2510
history/branches/lucene-solr/lucene2858
history/branches/lucene-solr/lucene3069
history/branches/lucene-solr/lucene3312
history/branches/lucene-solr/lucene3606
history/branches/lucene-solr/lucene3661
history/branches/lucene-solr/lucene3795_lsp_spatial_module
history/branches/lucene-solr/lucene3846
history/branches/lucene-solr/lucene3969
history/branches/lucene-solr/lucene4055
history/branches/lucene-solr/lucene4199
history/branches/lucene-solr/lucene4236
history/branches/lucene-solr/lucene4335
history/branches/lucene-solr/lucene4446
history/branches/lucene-solr/lucene4547
history/branches/lucene-solr/lucene4765
history/branches/lucene-solr/lucene5178
history/branches/lucene-solr/lucene5207
history/branches/lucene-solr/lucene5339
history/branches/lucene-solr/lucene539399
history/branches/lucene-solr/lucene5468
history/branches/lucene-solr/lucene5487
history/branches/lucene-solr/lucene5493
history/branches/lucene-solr/lucene5611
history/branches/lucene-solr/lucene5666
history/branches/lucene-solr/lucene5675
history/branches/lucene-solr/lucene5752
history/branches/lucene-solr/lucene5858
history/branches/lucene-solr/lucene5969
history/branches/lucene-solr/lucene5995
history/branches/lucene-solr/lucene6196
history/branches/lucene-solr/lucene6238
history/branches/lucene-solr/lucene6271
history/branches/lucene-solr/lucene6299
history/branches/lucene-solr/lucene6487
history/branches/lucene-solr/lucene_solr_5_4
history/branches/lucene-solr/pforcodec_3892
history/branches/lucene-solr/preflexfixes
history/branches/lucene-solr/realtime_search
history/branches/lucene-solr/slowclosing
history/branches/lucene-solr/solr2452
history/branches/lucene-solr/solr3733
history/branches/lucene-solr/solr5914
history/branches/lucene-solr/solr7787

releases/lucene-solr/5.*

releases/lucene-solr/5.4.1
releases/lucene-solr/5.5.0

releases/lucene-solr/6.*

releases/lucene-solr/6.0.0
releases/lucene-solr/6.1.0
releases/lucene-solr/6.2.0
releases/lucene-solr/6.2.1
releases/lucene-solr/6.3.0
releases/lucene-solr/6.4.0
releases/lucene-solr/6.4.1
releases/lucene-solr/6.4.2
releases/lucene-solr/6.5.0