CVEs-PoC/2017/CVE-2017-3164.md

### [CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Solr&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Server%20Side%20Request%20Forgery&color=brighgreen)

### Description

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuoct2020.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262