CVE-2017-3163

high

Apache

CVSS v3 Base Score

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

11.9%

Exploitation probability in 30 days

Top 6% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: August 30, 2017 (3179 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

CWE

CWE-22

Affected Products

apache solr

References

🔗 access.redhat.com 🔗 access.redhat.com 🔗 access.redhat.com 🔗 access.redhat.com 🔗 access.redhat.com

CVE-2017-3163

Vulnerability Report

Description

CWE

Affected Products

References