Apache Solr Arbitrary File Read Vulnerability (Zero Day)

Recently, a critical zero-day vulnerability was observed in Apache Solr. Apache Solr, written in Java, is an open-source enterprise search platform from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, real-time indexing, dynamic clustering, database integration, NoSQL features and rich document handling. As it has a dynamic range of …

Apache Solr DataImportHandler Remote Code Execution Vulnerability (CVE-2019-0193)

Summary: A vulnerability in Apache Solr could allow an authenticated, remote malicious user to execute arbitrary code on a targeted system. The vulnerability exists in the DataImportHandler module and is due to insufficient security restrictions imposed by the affected software. Description: The DataImportHandler, a popular module for pulling data in from databases, has a feature …

Apache Solr Config API Remote Code Execution Vulnerability (CVE-2019-0192)

Apache has recently fixed a Java deserialization vulnerability in Apache Solr. Apache Solr has a Config API which allows Solr’s JMX server to be configured via an HTTP POST request. It’s possible to set up a malicious RMI server, have the Config API point to this malicious RMI server and trigger remote code execution via Apache Solr’s unsafe …