Description

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.

Remediation

References

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr

https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E

https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E

https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E

https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E

https://support.f5.com/csp/article/K23720587?utm_source=f5support&amp%3Butm_medium=RSS

Related Vulnerabilities

CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-dom

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-api

CVE-2021-21380 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ratings-api

CVE-2020-8137 Vulnerability in maven package org.webjars.npm:uppy

CVE-2015-8315 Vulnerability in maven package org.webjars.npm:ms

Severity

Critical

Classification

CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory