Posted to users@solr.apache.org by hari prasad <ha...@gmail.com> on 2023/01/10 15:03:42 UTC

Apache Solr Information Disclosure Vulnerability

Hi Team,

We have a Sitecore project of version 9.3 and we are using Windows Solr 8.1.1. We have this vulnerability, "Apache Solr Information Disclosure Vulnerability", impacting a few of our servers. Below is the patch fix suggested by Solr for this vulnerability.

Ref: SOLR-15826 - CVE-2021-44548

URL: https://solr.apache.org/security.html#cve-2021-44548-apache-solr-information-disclosure-vulnerability-through-dataimporthandler

Impacted Servers:
Servers like TST, STG.

Mitigation:
(a) Ensure only trusted clients can make requests to Solr's DataImport handler.

Comment:
Please advise how to fix this vulnerability and where we have to make the changes. Providing step-by-step instructions would be great.
Or
Please suggest any other solution to fix this vulnerability.

Best,
Hariprasad T

Re: Apache Solr Information Disclosure Vulnerability

Posted by Eric Pugh <ep...@opensourceconnections.com>.
The link you listed has the mitigation, "Upgrade to Solr 8.11.1", which is what I would recommend. For the other one, I don't have a great sense of the details, and would recommend consulting with someone who is a Solr ops expert to give you the answer ;-)



_______________________
Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal>  
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>	
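
One way to verify mitigation (a) from the thread above, as an added example that is not part of the thread or of Solr's own tooling: scan HTTP request logs for DataImport handler requests that came from clients outside a trusted list. The handler name `/dataimport`, the trusted networks, the NCSA log format and the sample lines are all assumptions or constructed values.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumptions (not from the thread): the handler is registered under the
# conventional name "/dataimport", and these networks are the trusted clients.
DIH_PATH = re.compile(r"^/solr/[^/]+/dataimport/?$", re.IGNORECASE)
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.20.0.0/24")]

# NCSA common log format: client - user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def is_trusted(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or malformed client field: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def untrusted_dih_requests(lines):
    """Return (client, time, method, target, status) for each DataImport
    handler request that did not come from TRUSTED_NETS."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request-log line
        client, when, method, target, status = m.groups()
        # Decode the path before matching so encoded spellings are not missed.
        path = unquote(urlsplit(target).path)
        if DIH_PATH.match(path) and not is_trusted(client):
            findings.append((client, when, method, target, int(status)))
    return findings

# Constructed sample lines (documentation addresses, made-up core names).
SAMPLE = [
    '10.20.0.15 - - [10/Jan/2023:15:01:02 +0000] "GET /solr/sitecore_master_index/dataimport?command=status HTTP/1.1" 200 412',
    '192.0.2.44 - - [10/Jan/2023:15:02:10 +0000] "POST /solr/sitecore_master_index/dataimport HTTP/1.1" 200 980',
    '192.0.2.44 - - [10/Jan/2023:15:02:11 +0000] "GET /solr/sitecore_master_index/select?q=*:* HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2023:15:03:42 +0000] "GET /solr/sitecore_web_index/dataimport?command=status HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for client, when, method, target, status in untrusted_dih_requests(SAMPLE):
        print(f"{when}  {client}  {method} {target}  -> {status}")
```

A hit with a 2xx status means the handler answered an untrusted client; a 403 shows a block that is already working.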