Access Control: Apache Solr \<=8.8.1 - Local File Inclusion¶
Identifier:
apache_solr_file_read
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Apache Solr versions prior to and including 8.8.1 are vulnerable to local file inclusion, allowing attackers to read sensitive files from the server.
How we test: We test for local file inclusion vulnerabilities in Apache Solr by injecting file path payloads and analyzing responses to detect if local files can be included and their contents exposed.
Reference:
- https://twitter.com/Al1ex4/status/1382981479727128580
- https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
- https://twitter.com/sec715/status/1373472323538362371
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.