
CVE-2019-0192

Published: 07/03/2019 Updated: 28/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 722
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Solr could allow a remote attacker to execute arbitrary code on the system, due to a deserialization-of-untrusted-data flaw in jmx.serviceUrl. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Affected Products

Vendor | Product | Versions
--- | --- | ---
Apache | Solr | 5.1, 5.1.0, 5.2.0, 5.2.1, 5.3, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5
Netapp | Storage Automation Store | -

Vendor Advisories

Impact: Important | Public Date: 2019-03-07 | CWE: CWE-20 | Bugzilla: 1692345: CVE-2019-0192 solr: remote cod ...
In Solr, the Config API allows configuring the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of unsafe deserialization in Solr to trigger remote code execution on the Solr side ...

Github Repositories

CVE-2019-0192 - Apache Solr RCE 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5. This is an early PoC of the Apache Solr RCE. From issues.apache.org/jira/browse/SOLR-13301: ConfigAPI allows configuring Solr's JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code