[Vulnerability Warning] Apache Solr Remote Command Execution Vulnerability

2019-03-08 19:11:55
Dear user

Recently, the JD Cloud security team detected a remote command execution vulnerability (CVE-2019-0192) in the Solr component. Through this vulnerability, an attacker can execute commands or carry out further operations on the virtual machines attacked.

As the vulnerability will have some impact, the JD Cloud security team recommends that you conduct a security self-examination in a timely manner. If your business falls within the affected scope, please update and fix the problem in time to avoid attacks from external attackers.


Vulnerability Description

The vulnerability type is RCE (remote code execution). The vulnerability arises because Solr allows its JMX server to be configured through an HTTP POST request.

Untrusted data passed to Solr through jmx.serviceUrl is deserialized, which allows remote commands to be executed and threatens endpoint security.

Vulnerability Rating

High Risk

Affected Scope

Solr versions:

5.0.0~5.5.5

6.0.0~6.6.5

Security Recommendations

1. Upgrade to Apache Solr 7.0 or a higher version.

2. If the upgrade cannot be made, run Solr with the system property disable.configEdit=true to disable the Config API (if it is not used).

3. Configure an access whitelist to ensure that only trusted traffic flows into/out of the virtual machines running Solr.
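For the self-examination recommended above, the following added example (not code from JD Cloud or the Apache Solr project) checks a host inventory against the affected version ranges and recommendation 2. The host names, versions and command lines are constructed sample data, and it assumes the property is passed to the JVM as -Ddisable.configEdit=true, with the last occurrence taking effect.

```python
import re
import shlex

# Affected ranges exactly as listed in this advisory (inclusive bounds).
AFFECTED = [((5, 0, 0), (5, 5, 5)), ((6, 0, 0), (6, 6, 5))]

def parse_version(text):
    """Turn '6.6.2' or '6.6.2-SNAPSHOT' into (6, 6, 2); None if unparseable."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def in_affected_range(version):
    return any(lo <= version <= hi for lo, hi in AFFECTED)

def config_edit_disabled(jvm_cmdline):
    """True if the last -Ddisable.configEdit=... argument is 'true' (assumed JVM -D syntax)."""
    value = None
    for arg in shlex.split(jvm_cmdline):
        if arg.startswith("-Ddisable.configEdit="):
            value = arg.split("=", 1)[1]  # a later occurrence overrides an earlier one
    return value is not None and value.strip().lower() == "true"

def assess(version_text, jvm_cmdline):
    version = parse_version(version_text)
    if version is None:
        return "UNKNOWN: cannot parse version, check manually"
    if not in_affected_range(version):
        return "OK: version outside the ranges listed in the advisory"
    if config_edit_disabled(jvm_cmdline):
        return "MITIGATED: affected version, Config API editing disabled; plan the upgrade"
    return "EXPOSED: affected version and Config API editing not disabled"

# Constructed sample inventory: (host, Solr version, java command line).
SAMPLE = [
    ("solr-a", "5.5.5", "java -Xmx2g -jar start.jar"),
    ("solr-b", "6.6.2", "java -Ddisable.configEdit=true -jar start.jar"),
    ("solr-c", "6.6.2", "java -Ddisable.configEdit=true -Ddisable.configEdit=false -jar start.jar"),
    ("solr-d", "7.7.1", "java -jar start.jar"),
]

if __name__ == "__main__":
    for host, ver, cmd in SAMPLE:
        print(host, assess(ver, cmd))
```

A host reported as MITIGATED still needs the upgrade in recommendation 1 and the access whitelist in recommendation 3.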

Reference Link

https://issues.apache.org/jira/browse/SOLR-13301

https://wiki.apache.org/solr/SolrSecurity



JD Cloud team

2019-03-08 19:11:55