Apache has recently fixed a Java Deserialization vulnerability in Apache Solr. Apache Solr has a Config API which allows to configure Solr’s JMX server via an HTTP POST request. It’s possible to setup a malicious RMI server, have Config API point to this malicious RMI server and trigger a remote code execution via Apache Solr’s unsafe … Continue reading “Apache Solr Config API Remote Code Execution Vulnerability (CVE-2019-0192)”