Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Solr 5.3.x < 5.3.2 Authentication Bypass

Medium

Synopsis

The remote web server contains a Java application that is affected by an authentication bypass vulnerability.

Description

Versions of Apache Solr 5.3.x prior to 5.3.2 are affected by a authentication bypass flaw. This flaw exists due to the basic auth plugin failing to enforce credential requirements for authentication mechanisms. This may allow a remote attacker to bypass intended restrictions on the unauthenticated execution of certain actions. (OSVDB 131883)

Solution

Upgrade to Solr 5.4.0 or later. If 5.4.x cannot be obtained, 5.3.2 has also been patched for this vulnerability.