Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0192

CWE-502 — Deserialization of Untrusted Data CWE-20 — Improper Input Validation20 documents12 sources

Severity

9.8CRITICAL

EPSS

93.5%

top 0.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Solr Apache Software Foundation Apache Solr

Timeline

PublishedMar 7

Latest updateOct 15

Description

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.solr:solr-core5.0.0 — 7.0.0+1

▶NVDapache/solr5.0.0 — 5.5.5+1

▶CVEListV5apache_software_foundation/apache_solrApache Solr 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5

🔴Vulnerability Details

OSV

Critical severity vulnerability that affects org.apache.solr:solr-core↗2019-03-14

▶

GHSA

Critical severity vulnerability that affects org.apache.solr:solr-core↗2019-03-14

▶

OSV

CVE-2019-0192: In Apache Solr versions 5↗2019-03-07

▶

CVEList

CVE-2019-0192: In Apache Solr versions 5↗2019-03-07

▶

VulnCheck

Apache Solr Deserialization of Untrusted Data↗2019

▶

💥Exploits & PoCs

Nuclei

Apache Solr - Deserialization of Untrusted Data

▶

📋Vendor Advisories

Oracle

Oracle Oracle Big Data Graph Risk Matrix: Property Graph Analytics (Apache Solr) — CVE-2019-0192↗2020-10-15

▶

Red Hat

solr: remote code execution due to unsafe deserialization↗2019-03-07

▶

Debian

CVE-2019-0192: lucene-solr - In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows...↗2019

▶