SSRF in Apache Software Foundation Solr
CVE-2021-27905
The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate ind…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.939 (99.9th percentile)
Affected products
- Apache Software Foundation Solr (Apache Solr)
Weakness classification (CWE)
Public proof-of-concept exploits
References
- lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42e… (x_refsource_MISC)
- security.netapp.com/advisory/ntap-20210611-0009/ (x_refsource_CONFIRM)
- [solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability (mailing-list, x_refsource_MLIST)
- [solr-users] 20210618 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability (mailing-list, x_refsource_MLIST)
- [solr-users] 20210728 Re: CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability (mailing-list, x_refsource_MLIST)
- [ofbiz-notifications] 20210914 [jira] [Updated] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (mailing-list, x_refsource_MLIST)
- [ofbiz-commits] 20210915 [ofbiz-plugins] branch release18.12 updated: Fixed: The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (OFBIZ-12316) (mailing-list, x_refsource_MLIST)
- [ofbiz-notifications] 20210915 [jira] [Commented] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (mailing-list, x_refsource_MLIST)
- [ofbiz-notifications] 20210915 [jira] [Closed] (OFBIZ-12316) The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (mailing-list, x_refsource_MLIST)
- [ofbiz-commits] 20210915 [ofbiz-plugins] branch trunk updated: Fixed: The Solr version included in OFBiz has an SSRF vulnerability (CVE-2021-27905) (OFBIZ-12316) (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2021-27905?
- CVE-2021-27905 is a vulnerability in Apache Software Foundation Solr, classified under Server-Side Request Forgery (SSRF). Published 2021-04-13.
- Is CVE-2021-27905 known to be exploited?
- 40 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.