CVE-2017-3164
Description
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Solr before 7.7 lacks a whitelist for the 'shards' parameter, allowing SSRF via arbitrary HTTP GET requests.
Vulnerability
Apache Solr versions 1.3 through 7.6 (inclusive) are vulnerable to Server-Side Request Forgery (SSRF) because the shards parameter in distributed search requests does not enforce a whitelist mechanism [1]. An attacker can supply a URL in the shards parameter, and Solr will perform an HTTP GET request to that arbitrary address.
Exploitation
A remote attacker with network access to the Solr server can craft a request containing a malicious shards parameter pointing to an internal or external URL. No authentication or special privileges are required if the Solr API is exposed. The attacker simply sends the request; the server then initiates the HTTP GET to the target.
Impact
An attacker can leverage this SSRF to probe internal network services, read metadata from cloud endpoints (e.g., AWS/EC2 metadata), or interact with other internal systems reachable from the Solr server. The impact is information disclosure and potential lateral movement depending on network configuration.
Mitigation
Apache Solr 7.7 and later contain a fix that introduces a whitelist for the shards parameter [1]. Users should upgrade to 7.7 or newer. If upgrading is not immediately possible, restrict network access to the Solr API using firewalls or reverse proxy rules, and limit outbound HTTP requests from the server.
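The fix described above works by refusing any shard address that is not on an explicit allow-list before Solr opens an outbound connection. The following is an added example, not Solr's own code: it parses the `shards` parameter in Solr's syntax (shard groups separated by commas, replicas within a group separated by `|`, each replica a `host:port/path` with an optional `http://` or `https://` scheme) and checks every replica's host and port against an allow-list. The same check can be run in a reverse proxy in front of an unpatched instance as an interim control. The hostnames in `ALLOWED_SHARD_HOSTS` and in the usage call are constructed for the example.

```python
"""Allow-list check for a Solr-style ``shards`` request parameter (added example)."""
from urllib.parse import urlsplit

# Constructed allow-list: the only hosts a distributed search may fan out to.
ALLOWED_SHARD_HOSTS = {"solr1.internal:8983", "solr2.internal:8983"}


def normalize_shard_host(entry):
    """Reduce one replica entry to a canonical ``host:port`` string.

    Solr accepts entries with or without a scheme, so a missing scheme is
    treated as http. The hostname is lowercased by urlsplit; a missing port
    falls back to the scheme default so that "host" and "host:80" compare equal.
    Entries with user-info or a non-http scheme are rejected outright.
    """
    entry = entry.strip()
    if not entry.lower().startswith(("http://", "https://")):
        entry = "http://" + entry
    parts = urlsplit(entry)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"malformed shard entry: {entry!r}")
    if parts.username is not None or parts.password is not None:
        # "user@host" forms are never legitimate shard addresses; fail closed.
        raise ValueError(f"user-info not allowed in shard entry: {entry!r}")
    port = parts.port if parts.port is not None else (443 if parts.scheme == "https" else 80)
    return f"{parts.hostname}:{port}"


def parse_shards(shards_param):
    """Split 'a|b,c' into [['a', 'b'], ['c']] following Solr's shards syntax."""
    groups = []
    for group in shards_param.split(","):
        replicas = [r.strip() for r in group.split("|") if r.strip()]
        if not replicas:
            raise ValueError("empty shard group in shards parameter")
        groups.append(replicas)
    return groups


def check_shards(shards_param, allowed=ALLOWED_SHARD_HOSTS):
    """Return (ok, offending_hosts) for a shards parameter.

    ok is True only when every replica resolves to an allow-listed host:port.
    offending_hosts lists the canonical hosts that were not on the list so the
    caller can log them before rejecting the request.
    """
    offending = []
    for group in parse_shards(shards_param):
        for replica in group:
            host = normalize_shard_host(replica)
            if host not in allowed:
                offending.append(host)
    return (not offending, offending)


if __name__ == "__main__":
    # Constructed inputs: a legitimate two-replica group, then a mixed one.
    print(check_shards("solr1.internal:8983/solr/core1|solr2.internal:8983/solr/core1"))
    print(check_shards("solr1.internal:8983/solr/core1,example.com/solr/core1"))
```

Solr 7.7's own control is the `shardsWhitelist` setting of the `shardHandlerFactory` in `solr.xml`; the example above only mirrors the shape of that check (parse, canonicalize, compare against a fixed set) and is deliberately fail-closed on anything it cannot parse, which is the behaviour you want from a front-end filter as well.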
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.apache.solr:solr-core | Maven | >= 1.3.0, < 7.7.0 | 7.7.0 |
Affected products
- Apache Software Foundation / Apache Solr. Affected range: Apache Solr 1.3.0 to 1.4.1, 3.1.0 to 3.6.2, 4.0.0 to 4.10.4, 5.0.0 to 5.5.5, 6.0.0 to 6.6.5, 7.0.0 to 7.6.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-vrh8-27q8-fr8f (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-3164 (NVD entry)
- mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E (Apache announce mailing list)
- security.netapp.com/advisory/ntap-20190327-0003/ (vendor advisory)
- www.oracle.com/security-alerts/cpuoct2020.html (vendor advisory)
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (vendor advisory)
- www.securityfocus.com/bid/107026 (vulnerability database entry)
- lists.apache.org/thread.html/43026507844ada1ac658ccf7bc939378c13e492fd6538416ce65df39%40%3Cdev.lucene.apache.org%3E (dev.lucene.apache.org mailing list)
- lists.apache.org/thread.html/75dc651478f9d04505b46d44fe3ac739e7aaf3d7bf1257973685f8f7%40%3Cdev.lucene.apache.org%3E (dev.lucene.apache.org mailing list)
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E (commits.nifi.apache.org mailing list)
- lists.apache.org/thread.html/ca3105b6934ccd28e843dffe39724f6963ff49825e9b709837203649%40%3Cdev.lucene.apache.org%3E (dev.lucene.apache.org mailing list)
- lists.apache.org/thread.html/e0f9c652b57a91fdcc287efcead620af9f4d8e46b88f0b761aa265de%40%3Cdev.lucene.apache.org%3E (dev.lucene.apache.org mailing list)
- lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E (commits.submarine.apache.org mailing list)
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E (commits.nifi.apache.org mailing list)
News mentions
No linked articles in our index yet.