CVE-2019-17558

CWE-7416 documents13 sources

7.5

CVSS

HIGH

EPSS94.5%(100th)

CISA KEVPublic ExploitExploited in Wild

CISA Required Action: Apply updates per vendor instructions.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/solr5.0.0 — 7.7.3+1

▶Mavenorg.apache.solr:solr-core5.0.0 — 8.4.0+3

▶NVDoracle/primavera_unifier17.7 — 17.12+4

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`....

NVD ↗MITRE ↗Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

GHSA

Improper Input Validation in Apache Solr↗2020-02-12

▶

OSV

Improper Input Validation in Apache Solr↗2020-02-12

▶

CVEList

CVE-2019-17558: Apache Solr 5↗2019-12-30

▶

OSV

CVE-2019-17558: Apache Solr 5↗2019-12-30

▶

VulnCheck

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability↗2019

▶

💥Exploits & PoCs

Exploit-DB

Apache Solr - Remote Code Execution via Velocity Template (Metasploit)↗2020-04-16

▶

Exploit-DB

Apache Solr 8.2.0 - Remote Code Execution↗2019-11-01

▶

Nuclei

Apache Solr <=8.3.1 - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET EXPLOIT Apache Solr RCE via Velocity Template M1 (CVE-2019-17558)↗2021-10-27

▶

Suricata

ET EXPLOIT Apache Solr RCE via Velocity Template M2 (CVE-2019-17558)↗2021-10-27

▶

📋Vendor Advisories

CISA

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability↗2021-11-03

▶

Red Hat

solr: Remote Code Execution through the VelocityResponseWriter↗2019-12-30

▶

Debian

CVE-2019-17558: lucene-solr - Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution...↗2019

▶

Oracle

Oracle Critical Patch Update - OCT 2020↗

▶

💬Community

MailList

[CVE-2019-17558] Apache Solr RCE through VelocityResponseWriter↗2019-12-30

▶