Port 8983 (TCP) – Apache Solr

Default port for the Apache Solr search platform and its admin/API interface.

TCP · Registered · Commonly attacked

Default state

Solr commonly listens on 0.0.0.0:8983 with the admin UI and APIs unauthenticated. Exposed instances allow data access and, on vulnerable versions, remote code execution.

Common attacks

  • Remote code execution via Velocity template injection (CVE-2019-17558)
  • RCE via the config API and data import handler (CVE-2017-12629)
  • Unauthenticated access to the admin UI and core data
  • Information disclosure of cores, schemas, and indexed documents

CVE-2019-17558, CVE-2017-12629

Hardening

  • Enable authentication and authorization (Solr security.json)
  • Bind to localhost or a private interface; never expose 8983 to the internet
  • Disable the Velocity response writer and unused handlers
  • Require TLS and firewall 8983 to trusted hosts
  • Keep Solr patched (fixes CVE-2019-17558 and CVE-2017-12629) and audit access

nmap snippet

nmap -p8983 --script http-title <target>

Replace <target> with the host or range you're authorized to scan.

What runs on port 8983?

Port 8983 is the default for Apache Solr, a popular open-source search platform built on Lucene. Applications query and index documents over 8983, and the same port serves the Solr admin UI and management APIs used to create cores, edit configuration, and import data.

Why it matters for security

Solr frequently runs without authentication, exposing both indexed data and powerful admin APIs. Several high-impact bugs turn that exposure into remote code execution: CVE-2019-17558 abuses the Velocity response writer for template injection, and CVE-2017-12629 exploits the config API and data import handler. An open 8983 can mean full server compromise.

How it's attacked

Attackers scan for open 8983, reach the unauthenticated admin UI, and enumerate cores and schemas. They then exploit Velocity template injection (CVE-2019-17558) or the config/DIH path (CVE-2017-12629) to run commands, deploy webshells, and pivot into the host.

Hardening checklist

Enable authentication and authorization via security.json, bind Solr to localhost or a private interface, and disable the Velocity response writer and unused handlers. Require TLS and firewall 8983 to trusted hosts. Patch to versions that fix CVE-2019-17558 and CVE-2017-12629, and audit access. Use the nmap snippet above to detect exposed instances on hosts you are authorized to test.
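
The configuration items in this checklist can be checked offline against a node's security.json and a core's solrconfig.xml. The following is an added example, not part of the original page or of Solr itself; the function name `audit_solr`, the finding labels, and the sample configurations are constructed for illustration, and treating a missing `blockUnknown` as a finding is an assumption of this example.

```python
import json
import xml.etree.ElementTree as ET

def audit_solr(security_json, solrconfig_xml):
    """Return hardening findings for one security.json / solrconfig.xml pair."""
    findings = []
    # An empty or missing security.json means no authentication at all.
    sec = json.loads(security_json) if security_json.strip() else {}
    authn = sec.get("authentication")
    if not authn:
        findings.append("no-authentication")
    elif authn.get("blockUnknown") is not True:
        # Assumption of this example: require the setting to be explicit.
        findings.append("anonymous-requests-allowed")
    if not sec.get("authorization"):
        findings.append("no-authorization")

    root = ET.fromstring(solrconfig_xml)
    for writer in root.iter("queryResponseWriter"):
        if "VelocityResponseWriter" in writer.get("class", ""):
            findings.append("velocity-writer-registered")
            for param in writer:
                if (param.get("name") == "params.resource.loader.enabled"
                        and (param.text or "").strip().lower() == "true"):
                    findings.append("velocity-params-loader-enabled")
    for handler in root.iter("requestHandler"):
        if "DataImportHandler" in handler.get("class", ""):
            findings.append("dataimport-handler:" + handler.get("name", "?"))
    return findings

# Constructed sample inputs, not taken from any real deployment.
WEAK_XML = """<config>
  <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter">
    <str name="params.resource.loader.enabled">true</str>
  </queryResponseWriter>
  <requestHandler name="/dataimport" class="solr.DataImportHandler"/>
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""
HARD_XML = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
</config>"""
HARD_SEC = json.dumps({
    "authentication": {"class": "solr.BasicAuthPlugin", "blockUnknown": True},
    "authorization": {"class": "solr.RuleBasedAuthorizationPlugin"},
})

if __name__ == "__main__":
    print("weak:", audit_solr("", WEAK_XML))
    print("hardened:", audit_solr(HARD_SEC, HARD_XML))
```

An empty findings list covers only the authentication, authorization, and handler items; bind address, TLS, firewalling, and patch level still need to be verified separately.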

Frequently asked questions

Why is an exposed Solr admin on port 8983 dangerous?

The Solr admin UI and APIs are often unauthenticated. Bugs like CVE-2019-17558 (Velocity template injection) and CVE-2017-12629 allow remote code execution, so an exposed 8983 can lead to full server compromise.

How do I secure Apache Solr?

Enable authentication via security.json, bind to a private interface, disable the Velocity response writer and unused handlers, require TLS, firewall 8983, and keep Solr patched.