Overview Recently, NSFOCUS CERT found that the analysis article of Apache Solr remote code execution vulnerability was publicly disclosed on the Internet. When Solr is launched in cloud mode and can go offline, an unauthenticated remote attacker can execute arbitrary code on the target system by sending multiple specially crafted...
Tag: Apache Solr
Apache Solr Arbitrary File Read and SSRF Vulnerability Threat Alert
Vulnerability Description Recently, NSFOCUS detected that an Apache Solr arbitrary file read and server-side request forgery (SSRF) vulnerability was disclosed on the Internet. Since authentication was disabled by default when Apache Solr was installed, unauthenticated attackers could turn on requestDis patcher.requestParsers.enableRemoteStreaming via the Config API, thereby exploiting the vulnerability to...
Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409) Threat Alert
Vulnerability Description On November 18, local time, Apache Software Foundation (ASF) released an official security bulletin to reveal a remote code execution vulnerability (CVE-2019-12409) in Apache Solr. This vulnerability exists and can bring security risks because the configuration item ENABLE_REMOTE_JMX_OPTS in the configuration file solr.in.sh is enabled by default. If...
