{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T16:29:57.593","vulnerabilities":[{"cve":{"id":"CVE-2017-7660","sourceIdentifier":"security@apache.org","published":"2017-07-07T19:29:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either \"HttpClientInterceptorPlugin\" or \"HttpClientBuilderPlugin\", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected."},{"lang":"es","value":"Apache Solr utiliza un mecanismo basado en PKI para proteger la comunicación entre nodos cuando la seguridad está habilitada. Es posible crear un nombre de nodo especialmente elaborado que no existe como parte del clúster y apunta hacia un nodo malicioso. Esto puede engañar a los nodos del clúster para creer que el nodo malicioso es un miembro del clúster. Por lo tanto, si los usuarios de Solr han habilitado el mecanismo de autenticación BasicAuth mediante BasicAuthPlugin o si el usuario ha implementado un complemento de autenticación personalizado, que no implementa \"HttpClientInterceptorPlugin\" o \"HttpClientBuilderPlugin\", sus servidores son vulnerables a este ataque. Los usuarios que solo utilizan SSL sin autenticación básica o aquellos que utilizan Kerberos no se ven afectados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"6A15EC7D-D9FD-4BAF-AB39-3CDF36485557"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B3BE5B93-258A-4CE9-990C-3B8447A6B454"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"1A6ECE67-ED5D-4188-9E67-3B4C91251D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.4.0:*:*:*:*:*:*:*","matchCriteriaId":"78C579A3-DBF2-4B9A-9119-DD7854D1B74A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FBB5011F-D3B0-4778-9EE6-052EFA99608D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.5.0:*:*:*:*:*:*:*","matchCriteriaId":"F5EABC66-0815-4B89-B0ED-2C44EC20F8DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.5.1:*:*:*:*:*:*:*","matchCriteriaId":"E79098DA-B7D2-4A8A-9FD8-B1B4330DBA75"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.5.2:*:*:*:*:*:*:*","matchCriteriaId":"3541C154-9A45-4331-8C15-B0BABE388058"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.5.3:*:*:*:*:*:*:*","matchCriteriaId":"F38C7034-7432-4530-8CFC-A04F08300074"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:5.5.4:*:*:*:*:*:*:*","matchCriteriaId":"0DE8EEE3-1EC6-4277-86CA-6AF6CC5B7928"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"29F3170C-C5D6-431F-A2DD-692636CF5DAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BA339070-A2BD-4559-B400-2BC2EB9923A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B737CF14-C14A-4D97-B838-47EC4A2C68C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"036F935D-B469-47C6-AF5D-3DFC73070753"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"42A1A17A-32EA-40A2-9A1E-6019B493B5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"76557E9C-1F16-44D9-ACA1-F4DAEC966F05"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.4.0:*:*:*:*:*:*:*","matchCriteriaId":"DE068A02-D47A-4C6C-BFD3-040385599CA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"9CB3F9EB-63DE-4780-A357-FE89D1DB70CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"099B5DFD-CCD9-4EE7-B49E-77EC286D5F19"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.5.0:*:*:*:*:*:*:*","matchCriteriaId":"745CE558-1411-4356-9B79-2805FB4C80D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:solr:6.5.1:*:*:*:*:*:*:*","matchCriteriaId":"F9B41559-4695-467E-B7EA-B9D86127CFD7"}]}]}],"references":[{"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/99485","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.netapp.com/advisory/ntap-20181127-0003/","source":"security@apache.org"},{"url":"http://mail-archives.us.apache.org/mod_mbox/www-announce/201707.mbox/%3CCAOOKt53EgrybaD%2BiSn-nBbvFdse-szhg%3DhMoDZuvUvyMme-Z%3Dg%40mail.gmail.com%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/99485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.netapp.com/advisory/ntap-20181127-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}