Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0.

The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access.

Tracked as SOLR-17543, this vulnerability could permit attackers to exploit the “configset upload” API through a maliciously crafted ZIP file.

Exploiting File Path Manipulation Through Zipslip

The vulnerability stems from improper input sanitation in Solr’s “configset upload” API.

This flaw enables attackers to execute what is commonly referred to as a “zipslip” attack, leveraging malicious ZIP files containing relative file paths to overwrite or write files in unexpected locations within the filesystem.

Because certain components of Windows file path processing are more prone to exploitation, Solr instances hosted on Windows platforms are particularly at risk.

The attack could allow unauthorized write-access to critical system files, potentially ...