H3-2022-0028
Unauthenticated Access to Apache Solr
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 5.0 |
Description
Apache Solr is configured to allow unauthenticated access to its administrative interface. Apache Solr is commonly used for indexing and searching large datasets. An attacker can exploit this misconfiguration simply by sending requests to the Solr server without providing any credentials.
Impact
By exploiting this misconfiguration, an attacker can gain unauthorized access to manage and manipulate the Solr installation’s search index, configuration files, and possibly gain control over all the documents and resources being managed by Solr. This could lead to exposure, modification, or deletion of critical data.
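To check a deployment for this condition, the following added example (not part of the original advisory) audits the contents of Solr's `security.json` for a missing authentication plugin, a `blockUnknown` value that is not `true`, and a missing authorization plugin. The function name, the finding texts and the sample documents are assumptions of the example; the credential value is a placeholder.

```python
import json

def audit_security_json(text):
    """Return findings for a Solr security.json document; an empty list means none."""
    try:
        cfg = json.loads(text) if text.strip() else {}
    except json.JSONDecodeError:
        return ["security.json is not valid JSON"]
    if not isinstance(cfg, dict):
        return ["security.json must contain a JSON object"]
    findings = []
    authn = cfg.get("authentication")
    if not isinstance(authn, dict) or not authn.get("class"):
        findings.append("no authentication plugin: requests without credentials are accepted")
    elif authn.get("blockUnknown") is not True:
        # Rather than rely on a version-dependent default, this example
        # requires blockUnknown to be set to true explicitly.
        findings.append("blockUnknown is not true: requests without credentials may pass through")
    authz = cfg.get("authorization")
    if not isinstance(authz, dict) or not authz.get("class"):
        findings.append("no authorization plugin: admin actions are not restricted by role")
    return findings

# Constructed sample inputs (not taken from any real deployment).
NO_SECURITY = ""  # security.json absent or empty
PERMISSIVE = json.dumps({
    "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": False,
                       "credentials": {"admin": "<hash-and-salt-placeholder>"}},
    "authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
                      "permissions": [{"name": "all", "role": "admin"}],
                      "user-role": {"admin": "admin"}},
})
HARDENED = json.dumps({
    "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": True,
                       "credentials": {"admin": "<hash-and-salt-placeholder>"}},
    "authorization": {"class": "solr.RuleBasedAuthorizationPlugin",
                      "permissions": [{"name": "all", "role": "admin"}],
                      "user-role": {"admin": "admin"}},
})

if __name__ == "__main__":
    for name, doc in [("none", NO_SECURITY), ("permissive", PERMISSIVE), ("hardened", HARDENED)]:
        print(name, audit_security_json(doc) or "no findings")
```
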