Apache Solr Unauthenticated Access Information Disclosure

medium Nessus Plugin ID 158094

Synopsis

The remote web server discloses configuration information.

Description

A remote unauthenticated attacker can obtain an overview of the remote Apache Solr web server's configuration by requesting the URL '/solr'. This overview includes the configuration of the system and available data sources. It may also include the contents of any cores configured in the node.

Solution

Update Apache Solr's configuration to require authentication.

See Also

http://www.nessus.org/u?be0fc91e

Plugin Details

Severity: Medium

ID: 158094

File Name: apache_solr_unauthenticated.nasl

Version: 1.2

Type: remote

Family: Web Servers

Published: 2/16/2022

Updated: 4/4/2022

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Information disclosure

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:solr

Required KB Items: installed_sw/Apache Solr