### [CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Solr&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Apache%20Solr%201.3.0%20to%201.4.1%2C%203.1.0%20to%203.6.2%2C%204.0.0%20to%204.10.4%2C%205.0.0%20to%205.5.5%2C%206.0.0%20to%206.6.5%2C%207.0.0%20to%207.6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Server%20Side%20Request%20Forgery&color=brightgreen)

### Description

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262