A recently disclosed vulnerability (tracked as SOLR-17543) has been identified in Apache Solr, affecting all versions from 6.6 through 9.7.0.
Classified as a moderate severity issue, this vulnerability allows attackers to exploit a relative path traversal weakness through the “configset upload” API, particularly in Solr instances running on Windows operating systems.
ZipSlip Exploit Risks
The flaw is rooted in inadequate input sanitation in the “configset upload” API, which processes uploaded configuration files in the form of ZIP archives.
Malicious actors can craft special ZIP files containing relative file paths, commonly referred to as a “ZipSlip,” to gain unauthorized file write access.
This exploit enables an attacker to place files in unexpected locations on the server’s filesystem, potentially leading to elevation of privileges or the compromise of sensitive data.
The vulnerability is particularly critical for systems running on Windows due to their file path-handling structure, which increases the likelihood of exploitation.
However, instances where the API is accessible without strict access controls are more broadly at risk.
Mitigations and Recommendations
To resolve this issue, Apache has released Solr version 9.8.0, which includes necessary patches to address this vulnerability.
All Solr users running affected versions are strongly advised to upgrade to version 9.8.0 as soon as possible to secure their systems.
For users unable to perform an immediate upgrade, Apache recommends implementing mitigations to limit exposure.
Specifically, administrators can leverage Solr’s Rule-Based Authentication Plugin to tightly restrict access to the “configset upload” API, ensuring that only trusted and authorized users or administrators can interact with this feature.
This preventive measure effectively reduces the attack surface and minimizes risks until an upgrade can be completed.
This vulnerability underscores the importance of robust API security in enterprise software environments, particularly for widely-used platforms like Apache Solr.
Attacks exploiting improper file handling have become increasingly common, as malicious actors continue to search for weaknesses in software systems.
Organizations must stay vigilant by applying regular updates and adhering to best practices for authentication, API access control, and input validation.
The Apache community is tracking and addressing this issue under the identifier SOLR-17543.
Users are encouraged to consult Apache’s official documentation and the Solr release notes for further details regarding the update process and protective measures.
.webp?w=1200&resize=1200,0&ssl=1&description=A recently disclosed vulnerability (tracked as SOLR-17543) has been identified in Apache Solr, affecting all versions from 6.6 through 9.7.0.){kind=link}