Linux servers running Apache Solr versions 8.1.1 and 8.2.0 with the default configuration are vulnerable to remote code execution. The vulnerability allows an attacker to upload malicious code that could then be executed.
Apache Solr is an open-source search engine platform built on Lucene, a Java search library for full-text indexing and search. Solr was created in 2004, and in 2006 it was made open-source software under the Apache Software Foundation.
Apache Solr – RCE
The vulnerability resides in the default configuration of the solr.in.sh file that ships with Apache Solr. When this file is used with its default configuration in versions 8.1.1 and 8.2.0, it allows unauthenticated access to Java Management Extensions (JMX), which runs on default port 18983.
JMX is a Java-based API that supplies tools for managing and monitoring services, applications and devices.
The vulnerability was reported by security researcher John Ryan, and Matei “Mal” Badanoiu noted that the vulnerability could lead to remote code execution (RCE).
The vulnerability is tracked as CVE-2019-12409. Anyone with access “to a vulnerable Solr server, and, in turn, JMX, could upload malicious code that could then be executed,” reads the Tenable blog post.
A PoC for the vulnerability is available in a GitHub repository; used along with MJET (JMX exploitation toolkit), it allows creating a reverse shell on vulnerable installations.
The vulnerability has been reported to Apache Solr and is fixed in version 8.3. According to the advisory, it can also be resolved by changing the ENABLE_REMOTE_JMX_OPTS parameter to "false" in the configuration file solr.in.sh.
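One way to check an installation for the setting described above, as an added example that is not from the original article or the Solr project: the script reads a solr.in.sh file and reports the effective value of ENABLE_REMOTE_JMX_OPTS. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit solr.in.sh for the remote JMX setting behind CVE-2019-12409.
# Usage: sh check_solr_jmx.sh /path/to/solr.in.sh   (script name is hypothetical)

# Print the effective state of ENABLE_REMOTE_JMX_OPTS in file $1:
# enabled | disabled | unset | unknown
# Assumption of this example: only the exact strings true/false are classified.
jmx_opts_state() {
    # Active (uncommented) assignments only; the last one wins when the file is sourced.
    line=$(sed -n -E '/^[[:space:]]*(export[[:space:]]+)?ENABLE_REMOTE_JMX_OPTS=/p' "$1" | tail -n 1)
    [ -n "$line" ] || { echo unset; return 0; }
    value=${line#*=}                                  # text after the first '='
    value=${value%%#*}                                # drop a trailing comment
    value=$(printf '%s' "$value" | tr -d "\"' \t")    # drop quotes and whitespace
    case $value in
        true)  echo enabled ;;
        false) echo disabled ;;
        *)     echo unknown ;;
    esac
}

# Report on one file; returns 1 when remote JMX is enabled, 2 when the state is unclear.
audit_solr_in_sh() {
    [ -r "$1" ] || { echo "$1: cannot read file" >&2; return 2; }
    state=$(jmx_opts_state "$1")
    case $state in
        enabled)  echo "$1: ENABLE_REMOTE_JMX_OPTS is true; set it to \"false\" or upgrade to 8.3"
                  return 1 ;;
        disabled) echo "$1: ENABLE_REMOTE_JMX_OPTS is false"
                  return 0 ;;
        *)        echo "$1: ENABLE_REMOTE_JMX_OPTS is $state; review manually"
                  return 2 ;;
    esac
}

if [ $# -gt 0 ]; then
    rc=0
    for f in "$@"; do audit_solr_in_sh "$f" || rc=$?; done
    exit "$rc"
else
    # No arguments: run against a constructed sample (not a real Solr file).
    sample=$(mktemp)
    printf '%s\n' '#ENABLE_REMOTE_JMX_OPTS="false"' 'ENABLE_REMOTE_JMX_OPTS="true"' > "$sample"
    audit_solr_in_sh "$sample" || true
    rm -f "$sample"
fi
```

The non-zero exit status for an enabled or unclear setting lets the check run from a configuration-management or CI job.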