This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Apache Solr < 4.6 has a **Path Traversal** flaw. <br>π₯ **Consequences**: Attackers read **arbitrary files** via the `tr` parameter. Sensitive data leaks! π
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: Improper input validation on the `tr` parameter. Allows **directory traversal characters** (e.g., `../`) or full paths. CWE: Path Traversal. π³οΈ
Q3Who is affected? (Versions/Components)
π₯ **Affected**: Apache Solr versions **before 4.6**. Based on Lucene. π¦
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Hackers Can**: Read **any file** on the server. Expose **sensitive info** (configs, keys, logs). No admin rights needed for the read! π
Q5Is exploitation threshold high? (Auth/Config)
π **Threshold**: **LOW**. Remote exploitation. No auth required mentioned. Just send a crafted request with `tr=../../etc/passwd`. π
Q6Is there a public Exp? (PoC/Wild Exploitation)
π’ **Public Exp**: Yes. References include Secunia (55730) and SecurityFocus (63935). Agarri.fr has a detailed blog on exploiting it. π
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for Solr instances. Test the `tr` parameter with `../` payloads. Check if server returns file contents instead of errors. π§ͺ
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: Yes. Patched in **Apache Solr 4.6**. See JIRA SOLR-4882. π οΈ
Q9What if no patch? (Workaround)
π§ **No Patch?**: Upgrade immediately! If stuck, **block external access** to the Solr port. Restrict network access to trusted IPs only. π«