CVE-2017-7660

Name	CVE-2017-7660
Description	Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
lucene-solr (PTS)	jessie, jessie (lts)	3.6.2+dfsg-5+deb8u3	fixed
	stretch (security), stretch (lts), stretch	3.6.2+dfsg-10+deb9u3	fixed
	buster	3.6.2+dfsg-20+deb10u2	fixed
	bullseye	3.6.2+dfsg-24	fixed
	sid, trixie, bookworm	3.6.2+dfsg-26	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
lucene-solr	source	(unstable)	(not affected)

Notes

- lucene-solr <not-affected> (Vulnerable code introduced later)
https://issues.apache.org/jira/browse/SOLR-10624
http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf