CVE-2017-7660

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-7660

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7660.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7660

Aliases

GHSA-c82r-qg3w-q5mv

Published

2017-07-07T19:29:00.197Z

Modified

2026-04-10T04:00:59.123555Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.

References

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type

GIT

Repo

https://github.com/apache/lucene-solr

Events

Introduced

Last affected

cb922f860e8f7522287b55ea4bcd1059219bc1b3

Introduced

Last affected

d218c56d3fe3b18e5b1c79e4e61f93c0b31408b6

Introduced

Last affected

d57d7b14883a4b27990ee88419ac89dbed8f34bf

Introduced

Last affected

0a1dd10d5262153f4188dfa14a08ba28ec4ccb60

Introduced

Last affected

f54d853a3c3a2ddcf24ee7e2c837dc4d403bc0b0

Introduced

Last affected

2a228b3920a07f930f7afb6a42d0d20e184a943c

Introduced

Last affected

c08f17bca0d9cbf516874d13d221ab100e5b7d58

Introduced

Last affected

8e5d40b22a3968df065dfc078ef81cbb031f0e4a

Introduced

Last affected

8655b97b27d8da470c8235683af11a8b85a2b10f

Introduced

Last affected

31012120ebbd93744753eb37f1dbc5e654628291

Introduced

Last affected

48c80f91b8e5cd9b3a9b48e6184bd53e7619e7e3

Introduced

Last affected

c7510a0fdd93329ec04c853c8557f4a3f2309eaf

Introduced

Last affected

4726c5b2d2efa9ba160b608d46a977d0a6b83f94

Introduced

Last affected

764d0f19151dbff6f5fcd9fc4b2682cf934590c5

Introduced

Last affected

43ab70147eb494324a1410f7a9f16a896a59bc6f

Introduced

Last affected

a66a44513ee8191e25b477372094bfa846450316

Introduced

Last affected

bbe4b08cc1fb673d0c3eb4b8455f23ddc1364124

Introduced

Last affected

72f75b2503fa0aa4f0aff76d439874feb923bb0e

Introduced

Last affected

34a975ca3d4bd7fa121340e5bcbf165929e0542f

Introduced

Last affected

4b16c9a10c3c00cafaf1fc92ec3276a7bc7b8c95

Introduced

Last affected

cd1f23c63abe03ae650c75ec8ccb37762806cc75

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.5.1"
        }
    ]
}

Affected versions

Other

grafts/lucene-oldest

grafts/lucene-solr-copy

grafts/lucene-solr-oldest-merged

history/branches/lucene-solr/lucene-6997

history/branches/lucene-solr/lucene_solr_5_4

releases/lucene-solr/5.*

releases/lucene-solr/5.3.0

releases/lucene-solr/5.3.1

releases/lucene-solr/5.3.2

releases/lucene-solr/5.4.0

releases/lucene-solr/5.4.1

releases/lucene-solr/5.5.0

releases/lucene-solr/5.5.1

releases/lucene-solr/5.5.2

releases/lucene-solr/5.5.3

releases/lucene-solr/5.5.4

releases/lucene-solr/6.*

releases/lucene-solr/6.0.0

releases/lucene-solr/6.0.1

releases/lucene-solr/6.1.0

releases/lucene-solr/6.2.0

releases/lucene-solr/6.2.1

releases/lucene-solr/6.3.0

releases/lucene-solr/6.4.0

releases/lucene-solr/6.4.1

releases/lucene-solr/6.4.2

releases/lucene-solr/6.5.0

releases/lucene-solr/6.5.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7660.json"