Overview
- Description: Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending appended to any Solr API URL path allows requests to skip authentication while maintaining the API contract with the original URL path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr from 5.3.0 before 8.11.4 and from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0 or 8.11.4, which fix the issue.
- Source: security@apache.org
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Social media
- Hype score: Not currently trending
Analysis of Apache Solr's latest authentication bypass vulnerability CVE-2024-45216 https://t.co/MlDFehHQsw
@Dinosn
12 Nov 2024
cve-2024-45216 https://t.co/gfhKrfxmEp
@kang9693na25429
8 Nov 2024
Top 5 Trending CVEs: 1 - CVE-2024-45216 2 - CVE-2024-38821 3 - CVE-2023-23397 4 - CVE-2024-51378 5 - CVE-2024-46538 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Nov 2024
LadonExp CVE-2024-45216 vulnerability batch scanning tutorial https://t.co/HbaFg1cn1N https://t.co/TQQkHE2SDD
@buaqbot
1 Nov 2024
🚀Detect Apache Solr Authentication Bypass (CVE-2024-45216) with @pdnuclei Template: https://t.co/0vO0wA7gja Research by https://t.co/SwKLQBnnGW #hackwithautomation #bugbounty #cybersecurity https://t.co/pK9VM08X4T
@DhiyaneshDK
1 Nov 2024
Apache Solr authentication bypass vulnerability CVE-2024-45216 is fixed: patch immediately! https://t.co/2Q2F5MLhvX #Apache #OpenSource #Solr
@iototsecnews
25 Oct 2024
CVE-2024-45216 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enable..https://t.co/EpHXIRmyI4 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
21 Oct 2024
CVE-2024-45216 Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used,… https://t.co/jqDDjXXSQI
@CVEnew
Apache Solr fixes Critical Vulnerability CVE-2024-45216 #ApacheSolr #CVE-2024-45216 #CVE-2024-45217 https://t.co/C0Yd9VvJJB
@pravin_karthik
Critical Authentication Bypass Vulnerability Patched in #Apache Solr Protect your organization from the risks of CVE-2024-45216 & CVE-2024-45217, two critical vulnerabilities in #ApacheSolr https://t.co/F3AwnNRA0i
@the_yellow_fall
🚨🚨CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending ⚠️This flaw could allow attackers to execute commands and access data without proper credentials, potentially leading to data breaches and system compromise. ZoomEye Dork👉app:"Apache… h
@zoomeye_team
🗣 CVE-2024-45216: Critical Authentication Bypass Vulnerability Patched in Apache Solr https://t.co/6FvJHxCJyT
@fridaysecurity
Apache Solr has an authentication bypass vulnerability (CVE-2024-45216), publicly disclosed on October 16, 2024, with a high impact level and a CVSS 3.1 score of 7.5 #apache #cve #vulnerability #darkweb #darkwebnews https://t.co/8s2JiSibY1
@darkwebinsight
Warning: Critical Improper Authentication (#CVE-2024-45216 / CVSS: 9.8) and Insecure Default Initialization of Resource (CVE-2024-45217 / CVSS: 8.1) vulnerability in @ApacheSolr. Vulnerabilities can lead to auth bypass & unauthorized code execution! #Patch https://t.co/lOBeRf
@CCBalert