Apache Solr 5.x <= 5.5.5 or 6.x <= 6.6.5 Deserialization Vulnerability

critical Nessus Plugin ID 123417

Synopsis

The remote web server contains a Java application that is affected by a remote code execution vulnerability.

Description

The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the Config API due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this, via an HTTP POST request that points the JMX server to a malicious RMI server. An attacker could then send a crafted serialized Java object to the server, to execute arbitrary code.

Solution

Upgrade to Apache Solr version 7.0 or later, refer to the vendor advisory for relevant patch and configuration settings.

See Also

http://www.nessus.org/u?5f3c5a00

Plugin Details

Severity: Critical

ID: 123417

File Name: solr_7_0_0.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 3/27/2019

Updated: 6/7/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-0192

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:solr

Required KB Items: installed_sw/Apache Solr, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/7/2019

Vulnerability Publication Date: 3/7/2019

Reference Information

CVE: CVE-2019-0192

BID: 107318