Published: 07/03/2019 Updated: 23/07/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Solr could allow a remote malicious user to execute arbitrary code on the system, caused by a deserialization of untrusted data flaw in jmx.serviceUrl. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheSolr5.1, 5.1.0, 5.2.0, 5.2.1, 5.3, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 6.0.0, 6.0.1, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5
NetappStorage Automation Store-

Vendor Advisories

Synopsis Important: Red Hat Fuse 740 security update Type/Severity Security Advisory: Important Topic A minor version update (from 73 to 74) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security h ...
Impact: Important Public Date: 2019-03-07 CWE: CWE-20 Bugzilla: 1692345: CVE-2019-0192 solr: remote cod ...
In Solr the Config API allows to configure the JMX server via an HTTP POST request By pointing it to a malicious RMI server, an attacker could take advantage of unsafe deserialization in Solr to trigger remote code execution on the Solr side ...

Github Repositories

CVE-2019-0192 - Apache Solr RCE 500 to 555 and 600 to 665 This is an early PoC of the Apache Solr RCE From issuesapacheorg/jira/browse/SOLR-13301: ConfigAPI allows to configure Solr's JMX server via an HTTP POST request By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code

Apache Solr Injection Research Table of Contents Introduction Solr API quick overview Apache Solr Injection Solr Parameters Injection (HTTP smuggling) Exploitation examples Solr Local Parameters Injection Ways to RCE [CVE-2017-12629] Remote Code Execution via RunExecutableListener [CVE-2019-0192] Deserialization of untrusted data via jmxserviceUrl Attack via deseriali

项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦痕迹。 address | introduce | -|-|- 名字 | 介绍 | 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome

项目简介 信息收集、攻击尝试获得权限、持久性控制、权限提升、网络信息收集、横向移动、数据分析(在这个基础上再做持久化控制)、擦痕迹。 安全相关资源列表 arxivorg 康奈尔大学(Cornell University)开放文档 githubcom/sindresorhus/awesome awesome系列 wwwowasporgcn/owasp-pr

Java-Deserialization-Cheat-Sheet A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries Please, use #javadeser hash tag for tweets Table of content Java Native Serialization (binary) Overview Main talks & presentations & docs Payload generators Exploits Detect Vulnerable apps (without

Recent Articles

BlueKeep Scanner Discovered in Watchbog Cryptomining Malware
BleepingComputer • Sergiu Gatlan • 24 Jul 2019

A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits, with previous variants only being utilized to infect Linux servers compromised using Jira, Exim, Nexus Repository Manager 3, ThinkPHP, and Solr Linux exploits.
"Among the new Linux exploits, this version of WatchBog implements a BlueKeep RDP protocol vulnerability scanner module, which suggests that WatchBog is preparing a list of vulnerable systems to target in the future or to sell to th...