How to resolve this vulnerability?

Our ACAS is disclosing this vulnerability on our Verint Job Server: Apache Solr Unauthenticated Access Information Disclosure. To resolve this vulnerability, it says "Update Apache Solr's configuration to require authentication". Is there a way to do this within your application? We are on Community 13.


Apache Solr Unauthenticated Access Information Disclosure
medium Nessus Plugin ID 158094

The remote web server discloses configuration information.

Description
A remote unauthenticated attacker can obtain an overview of the remote Apache Solr web server's configuration by requesting the URL '/solr'. This overview includes the configuration of the system and available data sources.
It may also include the contents of any cores configured in the node.

Solution
Update Apache Solr's configuration to require authentication. 

  • This is still under review by our teams.

    I will add, however, that generally, this is not a concern as the Solr instance should not be publicly accessible based on our recommended setup. The Solr instance used by Verint Community should only accept connections from the Web/Job servers and not respond to requests from other sources, including public requests from the open internet.
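One way to confirm the restriction described in the reply above, as an added example that is not part of the original thread and not Verint's own code: request the same `/solr` URL the plugin uses, without credentials, and classify the answer. The outcome labels, the reading of HTTP 403 as an allow-list denial, and the host name in the usage comment are assumptions made for this example.

```python
"""Check whether a Solr node answers the scanner's '/solr' request without credentials."""
import sys
import urllib.error
import urllib.request

EXPOSED = "exposed"              # overview served with no credentials: finding reproduces
AUTH_REQUIRED = "auth-required"  # HTTP 401 or a WWW-Authenticate challenge
DENIED = "denied"                # HTTP 403, e.g. an IP allow-list in front of Solr
FILTERED = "filtered"            # no HTTP answer at all: refused, dropped or timed out
INCONCLUSIVE = "inconclusive"    # anything else (404, 5xx); look at it by hand


def classify(status, www_authenticate=None):
    """Map an HTTP status code (None = no HTTP response) to one of the outcomes."""
    if status is None:
        return FILTERED
    if status == 401 or www_authenticate:
        return AUTH_REQUIRED
    if status == 403:
        return DENIED
    if 200 <= status < 300:
        return EXPOSED
    return INCONCLUSIVE


def probe(base_url, timeout=5.0):
    """Request <base_url>/solr with no credentials and classify the answer."""
    url = base_url.rstrip("/") + "/solr"
    try:
        # urllib follows redirects, so the status seen here is the final one.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("WWW-Authenticate"))
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, err.headers.get("WWW-Authenticate"))
    except OSError:                         # URLError, refused, timeout
        return FILTERED


if __name__ == "__main__":
    # Usage: python check_solr.py http://solr.example.internal:8983
    # (constructed host name; pass your own Solr base URL)
    results = {base: probe(base) for base in sys.argv[1:]}
    for base, outcome in results.items():
        print(f"{base}: {outcome}")
    sys.exit(1 if EXPOSED in results.values() else 0)
```

Run it from a machine that is not one of the Web/Job servers: with the setup the reply describes, the result should be `filtered` or `denied`, and `exposed` means the Solr port is reachable from somewhere it should not be.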