Apache Solr

Apache Solr Remote Code Execution Vulnerability (CNVD-2023-27598) Notice

April 20, 2023

Overview Recently, NSFOCUS CERT found that the analysis article of Apache Solr remote code execution vulnerability was publicly disclosed on the Internet. When Solr is launched in cloud mode and can go offline, an unauthenticated remote attacker can execute arbitrary code on the target system by sending multiple specially crafted packets. Please take measures to […]

Apache Solr Arbitrary File Read and SSRF Vulnerability Threat Alert

March 29, 2021

Vulnerability Description Recently, NSFOCUS detected that an Apache Solr arbitrary file read and server-side request forgery (SSRF) vulnerability was disclosed on the Internet. Since authentication was disabled by default when Apache Solr was installed, unauthenticated attackers could turn on requestDis patcher.requestParsers.enableRemoteStreaming via the Config API, thereby exploiting the vulnerability to read files. Currently, the proof […]

Apache Solr Remote Code Execution Vulnerability (CVE-2019-12409) Threat Alert

December 3, 2019

Vulnerability Description On November 18, local time, Apache Software Foundation (ASF) released an official security bulletin to reveal a remote code execution vulnerability (CVE-2019-12409) in Apache Solr. This vulnerability exists and can bring security risks because the configuration item ENABLE_REMOTE_JMX_OPTS in the configuration file solr.in.sh is enabled by default. If you use the default configuration […]

Search

Subscribe to the NSFOCUS Blog