What is CVE-2017-7660?

CVE-2017-7660 is a high-severity vulnerability in Apache Solr, classified under Improper Authentication. CVSS score: 7.5/10. Published 2017-07-07.

How severe is CVE-2017-7660?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Apache Solr

CVE-2017-7660

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This ca…

Vulnerability class: Broken Authentication

EPSS: 0.003 (56.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Apache Solr — versions 5.3.0, 5.3.1, 5.3.2
Apache Software Foundation Solr — versions 6.0 to 6.5.1, 5.3 to 5.5.4

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

security@apache.org (x_refsource_CONFIRM)
security@apache.org (Vendor Advisory, mailing-list, x_refsource_MLIST, Mailing List)
security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-7660?: CVE-2017-7660 is a high-severity vulnerability in Apache Solr, classified under Improper Authentication. CVSS score: 7.5/10. Published 2017-07-07.
How severe is CVE-2017-7660?: High severity. CVSS v3 base score is 7.5 out of 10.