CB Response: Is Solr vulnerable to CVE-2017-3164?

Environment

CB Response Server: All Versions

Question

Is Solr vulnerable to CVE-2017-3164, which was fixed in Solr 7.7?

Answer

With iptables configured correctly, this is not a vulnerability in the product. If you are not using CB Response to manage iptables, ensure that Solr port 8080 is accessible only by the master and, if clustered, from the minions to the master. The Solr admin console should be locked down to only the IPs that need access.
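One way to check the restriction described above is to audit a saved iptables ruleset for port 8080. This is an added example, not Carbon Black code: the function name `audit_solr_port`, the sample ruleset and the documentation-range addresses are assumptions, and the parser models only simple `iptables-save` rules (`-s`, `-p`, `-i lo`, `--dport`, state matches, ACCEPT/DROP/REJECT).

```python
import ipaddress
import shlex

SOLR_PORT = "8080"  # Solr port named in the article

def audit_solr_port(ruleset, allowed):
    """Findings where filter/INPUT admits new TCP 8080 from outside `allowed`."""
    # Simplified first-match walk; rules it cannot interpret are flagged.
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    findings, policy, table = [], "ACCEPT", None
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        table = line[1:].strip() if line.startswith("*") else table
        if table != "filter" or not tok:
            continue
        policy = tok[1] if tok[0] == ":INPUT" else policy
        if tok[:2] != ["-A", "INPUT"]:
            continue
        if "!" in tok:
            findings.append("review (negated match): " + line)
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        dport = opts.get("--dport", SOLR_PORT)
        state = opts.get("--state") or opts.get("--ctstate") or "NEW"
        if ((dport != SOLR_PORT and ":" not in dport) or opts.get("-i") == "lo"
                or opts.get("-p", "tcp") not in ("tcp", "all") or "NEW" not in state):
            continue  # rule cannot admit a new remote TCP connection to 8080
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        target = opts.get("-j")
        if target == "ACCEPT" and not any(src.subnet_of(n) for n in nets):
            findings.append("open to %s: %s" % (src, line))
        elif target in ("DROP", "REJECT") and src.prefixlen == 0:
            return findings  # every other source is dropped at this rule
        elif target not in ("ACCEPT", "DROP", "REJECT"):
            findings.append("review (unhandled target): " + line)
    if policy == "ACCEPT":
        findings.append("no terminating DROP/REJECT; INPUT policy is ACCEPT")
    return findings

# Constructed sample (documentation addresses): 192.0.2.11 stands in for a minion.
SAMPLE = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
COMMIT"""

if __name__ == "__main__":
    print("\n".join(audit_solr_port(SAMPLE, ["192.0.2.11", "192.0.2.12"])))
```

Run it against the `iptables-save` output from the master with the minion addresses as the allowlist; an empty result means no rule in this simplified model exposes port 8080 beyond those hosts.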

Additional Notes

Two product enhancements have been created to address this within the product: CB-26353 and CB-26354.

Article Information
Creation Date: 09-09-2020