VYPR
High severity · 7.5 · NVD Advisory · Published Jul 7, 2017 · Updated Jun 17, 2026

CVE-2017-7660

Description

Apache Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster. Servers are therefore vulnerable to this attack if BasicAuth authentication is enabled using the BasicAuthPlugin, or if a custom authentication plugin is in use that does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin". Users who only use SSL without basic authentication, or who use Kerberos, are not affected.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                              Affected versions     Patched versions
org.apache.solr:solr-core (Maven)    >= 5.3.0, < 5.5.5     5.5.5
org.apache.solr:solr-core (Maven)    >= 6.0.0, < 6.6.0     6.6.0

Affected products

23
  • Apache/Solr (21 versions)
    • cpe:2.3:a:apache:solr:5.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 5.3.0, < 5.5.5
  • Apache/Apachecpe-rescue
    Range: 5.3 to 5.5.4
