Web Server HTTP Header Internal IP Disclosure SOLR port

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Web Server HTTP Header Internal IP Disclosure SOLR port

Muniraj M
Hi,

I am using Apache SOLR 6.6.5 as my search engine and when we do security
scan on our server, we got the below response

*When processing the following request : GET / HTTP/1.0 this web server
leaks the following private IP address : X.X.X.X as found in the following
collection of HTTP headers : HTTP/1.1 302 Found
Location: http://X.X.X.X:8983/solr/
<http://x.x.x.x:8983/solr/> Content-Length: 0*

I have checked for more time however haven't find any solutions to fix this
problem. Any idea of how to solve this would be really appreciated.

--
Regards,
*Muniraj M*
Reply | Threaded
Open this post in threaded view
|

Re: Web Server HTTP Header Internal IP Disclosure SOLR port

Jan Høydahl / Cominvent
Are you saying that the redirect from http://my.ip:8983/ to http://my.ip.8983/solr/ is a security issue for you? Please tell us how this could be by providing a real example where you believe that Solr exposes some secret information that the requesting client should not gain access to?? Remember that Solr is not any random Web server and must be firewalled and not exposed to the internet. Your security scan tool may have other assumptions?

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 7. jan. 2019 kl. 05:55 skrev Muniraj M <[hidden email]>:
>
> Hi,
>
> I am using Apache SOLR 6.6.5 as my search engine and when we do security
> scan on our server, we got the below response
>
> *When processing the following request : GET / HTTP/1.0 this web server
> leaks the following private IP address : X.X.X.X as found in the following
> collection of HTTP headers : HTTP/1.1 302 Found
> Location: http://X.X.X.X:8983/solr/
> <http://x.x.x.x:8983/solr/> Content-Length: 0*
>
> I have checked for more time however haven't find any solutions to fix this
> problem. Any idea of how to solve this would be really appreciated.
>
> --
> Regards,
> *Muniraj M*

Reply | Threaded
Open this post in threaded view
|

Re: Web Server HTTP Header Internal IP Disclosure SOLR port

Gus Heck
This sounds like something that might crop up if the admin UI were exposed
to an alternate (or public) network space through a tunnel or proxy. The
server knows nothing about the proxy/tunnel, and the cloud page has nice
clickable machine names that point at the internal dns or ip names of the
nodes. This does not however give access to said nodes or the network
space. One might I suppose worry that it reveals which internal IP space is
in use, but if someone you don't trust with that information can already
see the admin UI you have much bigger problems.

On Mon, Jan 7, 2019 at 3:15 AM Jan Høydahl <[hidden email]> wrote:

> Are you saying that the redirect from http://my.ip:8983/ to
> http://my.ip.8983/solr/ is a security issue for you? Please tell us how
> this could be by providing a real example where you believe that Solr
> exposes some secret information that the requesting client should not gain
> access to?? Remember that Solr is not any random Web server and must be
> firewalled and not exposed to the internet. Your security scan tool may
> have other assumptions?
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> > 7. jan. 2019 kl. 05:55 skrev Muniraj M <[hidden email]>:
> >
> > Hi,
> >
> > I am using Apache SOLR 6.6.5 as my search engine and when we do security
> > scan on our server, we got the below response
> >
> > *When processing the following request : GET / HTTP/1.0 this web server
> > leaks the following private IP address : X.X.X.X as found in the
> following
> > collection of HTTP headers : HTTP/1.1 302 Found
> > Location: http://X.X.X.X:8983/solr/
> > <http://x.x.x.x:8983/solr/> Content-Length: 0*
> >
> > I have checked for more time however haven't find any solutions to fix
> this
> > problem. Any idea of how to solve this would be really appreciated.
> >
> > --
> > Regards,
> > *Muniraj M*
>
>

--
http://www.the111shift.com
Reply | Threaded
Open this post in threaded view
|

Re: Web Server HTTP Header Internal IP Disclosure SOLR port

Jan Høydahl / Cominvent
Yea, it really won't work to tunnel Admin UI, it needs to see the actual
IP/host names, so some kind of Socks or VPN would need to be used.
Anyway, you can always set the HOST (-Djetty.host) property for each
host to FQDN instead of IP, in which case those names will be used in
clusterstate and also in UI, which is more human friendly than IPs.

But the reporter will have to elaborate further on this. Exposing the hostname
or IP of a Solr node that you as a client (or Admin UI) needs to talk to,
is definitely necessary and by design.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 9. jan. 2019 kl. 16:38 skrev Gus Heck <[hidden email]>:
>
> This sounds like something that might crop up if the admin UI were exposed
> to an alternate (or public) network space through a tunnel or proxy. The
> server knows nothing about the proxy/tunnel, and the cloud page has nice
> clickable machine names that point at the internal dns or ip names of the
> nodes. This does not however give access to said nodes or the network
> space. One might I suppose worry that it reveals which internal IP space is
> in use, but if someone you don't trust with that information can already
> see the admin UI you have much bigger problems.
>
> On Mon, Jan 7, 2019 at 3:15 AM Jan Høydahl <[hidden email]> wrote:
>
>> Are you saying that the redirect from http://my.ip:8983/ to
>> http://my.ip.8983/solr/ is a security issue for you? Please tell us how
>> this could be by providing a real example where you believe that Solr
>> exposes some secret information that the requesting client should not gain
>> access to?? Remember that Solr is not any random Web server and must be
>> firewalled and not exposed to the internet. Your security scan tool may
>> have other assumptions?
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>>> 7. jan. 2019 kl. 05:55 skrev Muniraj M <[hidden email]>:
>>>
>>> Hi,
>>>
>>> I am using Apache SOLR 6.6.5 as my search engine and when we do security
>>> scan on our server, we got the below response
>>>
>>> *When processing the following request : GET / HTTP/1.0 this web server
>>> leaks the following private IP address : X.X.X.X as found in the
>> following
>>> collection of HTTP headers : HTTP/1.1 302 Found
>>> Location: http://X.X.X.X:8983/solr/
>>> <http://x.x.x.x:8983/solr/> Content-Length: 0*
>>>
>>> I have checked for more time however haven't find any solutions to fix
>> this
>>> problem. Any idea of how to solve this would be really appreciated.
>>>
>>> --
>>> Regards,
>>> *Muniraj M*
>>
>>
>
> --
> http://www.the111shift.com