
CVE-2019-17558

Published: 30/12/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 411
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to Remote Code Execution through the VelocityResponseWriter. A Velocity template can be supplied either from a configset's `velocity/` directory or as a request parameter. A user-defined configset could contain renderable, potentially malicious, templates. Parameter-provided templates are disabled by default, but can be enabled by defining a response writer with `params.resource.loader.enabled` set to `true`. Defining a response writer requires Configuration API access. Solr 8.4 removed the params resource loader entirely and only enables configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
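The precondition described above is a configuration setting, so a defender can audit it directly. The following is an added example (not Solr project code) that parses a configset's solrconfig.xml, flags any VelocityResponseWriter declaration, and reports whether `params.resource.loader.enabled` is true; the `<queryResponseWriter>` element and setting names follow the Solr reference guide, while the sample XML and the helper names are constructed here.

```python
"""Audit a Solr configset's solrconfig.xml for the CVE-2019-17558 precondition.

Added example, not Solr project code. The <queryResponseWriter> element and the
setting names follow the Solr reference guide; the sample XML is constructed.
"""
import xml.etree.ElementTree as ET

VELOCITY_CLASS = "VelocityResponseWriter"
RISKY_SETTING = "params.resource.loader.enabled"

def audit_solrconfig(xml_text: str) -> list:
    """Return one finding dict per VelocityResponseWriter declaration."""
    root = ET.fromstring(xml_text)
    findings = []
    for qrw in root.iter("queryResponseWriter"):
        if VELOCITY_CLASS not in qrw.get("class", ""):
            continue
        loader = qrw.find(f"bool[@name='{RISKY_SETTING}']")
        enabled = loader is not None and (loader.text or "").strip().lower() == "true"
        findings.append({
            "name": qrw.get("name"),
            "params_loader_enabled": enabled,
            # Parameter-provided templates are the remotely reachable path; a
            # writer that only renders configset templates is still worth listing.
            "severity": "high" if enabled else "medium",
        })
    return findings

def is_affected_version(version: str) -> bool:
    """True for 5.0.0 <= version <= 8.3.1, the range named in the advisory."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))  # treat "8.4" as 8.4.0
    return (5, 0, 0) <= parts <= (8, 3, 1)

# Constructed sample: a configset that enables the params resource loader.
WEAK_CONFIG = """<config>
  <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter" startup="lazy">
    <str name="template.base.dir">velocity</str>
    <bool name="params.resource.loader.enabled">true</bool>
  </queryResponseWriter>
</config>"""

# Same configset with the setting removed (the default is false).
HARDENED_CONFIG = WEAK_CONFIG.replace(
    '<bool name="params.resource.loader.enabled">true</bool>', "")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_solrconfig(cfg))
```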

Vulnerable Products

apache solr
oracle primavera unifier 16.2
oracle primavera unifier 16.1
oracle primavera unifier 18.8
oracle primavera unifier
oracle primavera unifier 19.12

Mailing Lists

oss-sec mailing list archives: [CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter. From: E ...

Github Repositories

A simple web vulnerability scanner (for study only)

🎼Siren Intro: Siren is a simple (junk) web vulnerability scanner (for study only, the author's computer networking course project💦). Siren is the half-human, half-bird female sea monster of Greek mythology 🐟💃 who lures sailors onto reefs or into dangerous waters with her beautiful song ☠ 🤠 In Homer's epic, when Odysseus was about to pass the Sirens' island, he received a goddess's warning and took precautions in advance. He ordered

Apache Solr 1.4 Injection to get a shell

Exploit_CVE-2019-17558-RCE: Apache Solr 1.4 Injection to get a shell; functions: Encode url, post_request, get_request

Solr_CVE-2019-17558

Solr_CVE-2019-17558 usage: python3 Solr_CVE-2019-17558.py url whoami

solr_hacktool: I did not look for existing tools and wrote a small toy on a whim. It supports three vulnerabilities: 1. CVE-2017-12629-RCE (no echo) 2. CVE-2017-12629-XXE 3. CVE-2019-17558-RCE

Helps you find sensitive open ports, which usually leads to an easy RCE.

Easy RCE Scanner: script for the automation of your pentest or bug bounty recon. It will help you find sensitive open ports, which usually lead to an easy RCE.

Sensitive ports:
IBM WebSphere: 8880
Apache Hadoop: 8088
Apache Spark: 6066
Apache Solr: 8983
Redis: 6379
Docker: 2375, 2376
Zoho ManageEngine Desktop: 8383
Atlassian Crowd: 4990
Portainer: 9000
Hashicorp Consul
