You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Hariprasad T (Jira)" <ji...@apache.org> on 2023/01/09 10:17:00 UTC

[jira] [Created] (SOLR-16614) Apache Solr Information Disclosure Vulnerability

Hariprasad T created SOLR-16614:
-----------------------------------

             Summary: Apache Solr Information Disclosure Vulnerability
                 Key: SOLR-16614
                 URL: https://issues.apache.org/jira/browse/SOLR-16614
             Project: Solr
          Issue Type: Task
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Hariprasad T


Hi Team,

We have a Sitecore project of version 9.3 and we are using windows Solr 8.1.1. We have this Vulnerability "{*}Apache Solr Information Disclosure Vulnerability{*}" impacted on few of our servers. And below are the patch fix suggested by Solr for this vulnerability.

*Ref:* SOLR-15826 -CVE-2021-44548

*URL:* https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler

*Impacted Servers:*

Servers like TST, STG.

*Mitigation:*

*(a)* Ensure only trusted clients can make requests to Solr's DataImport handler.

*Comment:*

Please advise how to fix this vulnerability and where we have to make the changes.

or it would be great if you can suggest any other solution to fix this vulnerability.

Thanks in advance!

 

Best,

Hariprasad T



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org