cvedb.io
CVE-2017-3164
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-03-08T21:29:00.250 · Last modified 2026-06-17T01:17:39.157

Summary

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

Affected products

apache — solr

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.