Solr - Admin Page Access

What is Solr - Admin Page Access?

Solr - Admin Page Access is a module that targets the Solr administration page. It is designed to detect a misconfiguration that allows unauthorized access to the admin page without any authentication requirements. This vulnerability is classified as high severity.

Impact

If the Solr administration page is accessible without authentication, it poses a significant security risk. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information, modify configurations, or perform other malicious activities.

How the module works?

The Solr - Admin Page Access module works by sending HTTP requests to specific paths, namely "/admin/" and "/solr/admin/". It then applies matching conditions to determine if the Solr admin page is accessible without authentication.

The module uses two matching conditions:

- Word Matcher: It checks if the response body contains the HTML title tag "<title>Solr admin page</title>". - Status Matcher: It verifies if the HTTP response status is 200 (OK).

If both matching conditions are met, the module reports a vulnerability, indicating that the Solr admin page is accessible without authentication.