diff --git a/search-services/alfresco-search/src/test/java/org/alfresco/solr/SolrITInitializer.java b/search-services/alfresco-search/src/test/java/org/alfresco/solr/SolrITInitializer.java
index 24d744f00..cb5d6e750 100644
--- a/search-services/alfresco-search/src/test/java/org/alfresco/solr/SolrITInitializer.java
+++ b/search-services/alfresco-search/src/test/java/org/alfresco/solr/SolrITInitializer.java
@@ -100,6 +100,8 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
     protected static final int DEFAULT_CONNECTION_TIMEOUT1 = DEFAULT_CONNECTION_TIMEOUT;
     protected static final int CLIENT_SO_TIMEOUT = 90000;
     protected final static int INDEX_TIMEOUT = 100000;
+    protected static final String JETTY_CONTEXT = "/solr";
+    protected static final String SHARD_NAME_PREFIX = "shard";
 
     private static AtomicInteger nodeCnt;
     protected static boolean useExplicitNodeNames;
@@ -107,6 +109,7 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
     public static Properties DEFAULT_CORE_PROPS = new Properties();
 
     protected static Map<String, JettySolrRunner> jettyContainers;
+    protected static int jettyPort;
     protected static Map<String, SolrClient> solrCollectionNameToStandaloneClient;
     protected static List<JettySolrRunner> solrShards;
     protected static List<SolrClient> clientShards;
@@ -150,6 +153,9 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
     {
         testClassName = testClassName + "_" + System.currentTimeMillis();
 
+        if (numShards > 0) {
+            jettyPort = getNextAvailablePort();
+        }
         solrcoreProperties = addExplicitShardingProperty(solrcoreProperties);
 
         clientShards = new ArrayList<>();
@@ -164,6 +170,7 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
         String[] coreNames = new String[]{DEFAULT_TEST_CORENAME};
         
         distribSetUp(testClassName);
+        distribShardsSetUp(numShards);
 
         RandomSupplier.RandVal.uniqueValues = new HashSet<>(); // reset random values
 
@@ -249,6 +256,24 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
         System.setProperty("solr.log.dir", testDir.toPath().resolve(serverName).toString());
     }
 
+    /**
+     * Needed to test fix for CVE-2017-3164
+     * @param numShards
+     */
+    private static void distribShardsSetUp(int numShards){
+        if (numShards <= 0) {
+            return;
+        }
+
+        StringBuilder shardWhitelistBuilder = new StringBuilder();
+        for (int i = 0; i < numShards; i++)
+        {
+            shardWhitelistBuilder.append("127.0.0.1:").append(jettyPort).append(JETTY_CONTEXT).append("/" + SHARD_NAME_PREFIX + i).append(',');
+        }
+        shardWhitelistBuilder.deleteCharAt(shardWhitelistBuilder.length() - 1);
+        System.setProperty("solr.shardsWhitelist", shardWhitelistBuilder.toString());
+    }
+
     public static void distribTearDown()
     {
         System.clearProperty("solr.directoryFactory");
@@ -276,7 +301,7 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
         {
             Path jettySolrHome = testDir.toPath().resolve(jettyKey);
             seedSolrHome(jettySolrHome);
-            return createJetty(jettySolrHome.toFile(), null, null, false, 0, getSchemaFile(), basicAuth);
+            return createJetty(jettySolrHome.toFile(), null, null, false, jettyPort, getSchemaFile(), basicAuth);
         }
     }
 
@@ -365,7 +390,7 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
             Properties props = new Properties();
             props.putAll(additionalProperties);
 
-            final String shardname = "shard" + i;
+            final String shardname = SHARD_NAME_PREFIX + i;
             props.put("shard.instance", Integer.toString(i));
             props.put("shard.count", Integer.toString(numShards));
 
@@ -396,7 +421,7 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
         for (int i = 0; i < numShards; i++)
         {
             if (sb.length() > 0) sb.append(',');
-            final String shardname = "shard" + i;
+            final String shardname = SHARD_NAME_PREFIX + i;
             String shardStr = buildUrl(solr.getLocalPort()) + "/" + shardname;
             LOGGER.info(shardStr);
             SolrClient clientShard = createNewSolrClient(shardStr);
@@ -469,10 +494,10 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
         if(basicAuth)
         {
             LOGGER.info("###### adding basic auth ######");
-            config = JettyConfig.builder().setContext("/solr").setPort(port).withFilter(BasicAuthFilter.class, "/sql/*").stopAtShutdown(true).withSSLConfig(sslConfig).build();
+            config = JettyConfig.builder().setContext(JETTY_CONTEXT).setPort(port).withFilter(BasicAuthFilter.class, "/sql/*").stopAtShutdown(true).withSSLConfig(sslConfig).build();
         } else {
             LOGGER.info("###### no basic auth ######");
-            config = JettyConfig.builder().setContext("/solr").setPort(port).stopAtShutdown(true).withSSLConfig(sslConfig).build();
+            config = JettyConfig.builder().setContext(JETTY_CONTEXT).setPort(port).stopAtShutdown(true).withSSLConfig(sslConfig).build();
         }
 
         return new JettySolrRunner(solrHome.getAbsolutePath(), props, config);
@@ -514,7 +539,7 @@ public abstract class SolrITInitializer extends SolrTestCaseJ4
 
     protected static String buildUrl(int port)
     {
-        return buildUrl(port, "/solr");
+        return buildUrl(port, JETTY_CONTEXT);
     }
 
     protected static String getSolrXml()