CVE-2020-13957
published 2020-10-13


Priority: P180 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 78.87% (99.5th percentile)
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that is uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Affected (4 ranges)

Vendor    Product       Version range    Fixed in
apache    solr          6.6.0 – 6.6.6
apache    solr          7.0.0 – 7.7.3
apache    solr          8.0.0 – 8.6.2
debian    lucene-solr   (no range listed)

Detection & IOCs (extracted from sources)

  • The vulnerability is exploited by combining UPLOAD and CREATE ConfigSet API actions to bypass security checks on unauthenticated configset uploads, enabling remote code execution via dangerous features in a ConfigSet.
  • Affected Apache Solr versions are 6.6.0–6.6.6, 7.0.0–7.7.3, and 8.0.0–8.6.2. Versions outside these ranges are not affected.
  • The vulnerability specifically targets the ConfigSet upload API endpoint when Solr is running without authentication/authorization enabled. Deployments with authentication/authorization enforced are at reduced risk.

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian             9.8     LOW
vendor_redhat             9.8     CRITICAL