VDB-131446 · CVE-2019-0192 · Qualys 13434

Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request deserialization

A vulnerability classified as critical was found in Apache Solr up to 5.0.5/6.6.5. This vulnerability affects an unknown function of the component Config API. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 8775680 | 05/14/2020 | VulD... | confirm_url | https://security.netapp.com/advisory/ntap-20190327-0003/ | security.netapp.com | 05/14/2020 | accepted | 100 |
| 8775641 | 05/14/2020 | VulD... | discoverydate | 1551830400 | | 05/14/2020 | accepted | 100 |
| 8775696 | 03/08/2019 | VulD... | cvss3_nvd_basescore | 9.8 | nist.gov | 03/08/2019 | accepted | 90 |
| 8775695 | 03/08/2019 | VulD... | 0day_days | 1 | | 03/08/2019 | accepted | 90 |
| 8775694 | 03/08/2019 | VulD... | cvss3_vuldb_rc | X | | 03/08/2019 | accepted | 90 |
| 8775693 | 03/08/2019 | VulD... | cvss3_vuldb_rl | X | | 03/08/2019 | accepted | 90 |
| 8775692 | 03/08/2019 | VulD... | cvss3_vuldb_e | X | | 03/08/2019 | accepted | 90 |
| 8775691 | 03/08/2019 | VulD... | cvss2_vuldb_rc | ND | | 03/08/2019 | accepted | 90 |
| 8775690 | 03/08/2019 | VulD... | cvss2_vuldb_rl | ND | | 03/08/2019 | accepted | 90 |
| 8775689 | 03/08/2019 | VulD... | cvss2_vuldb_e | ND | | 03/08/2019 | accepted | 90 |
| 8775688 | 03/08/2019 | VulD... | location | Website | | 03/08/2019 | accepted | 90 |
| 8775687 | 03/08/2019 | VulD... | seealso | 131479 137901 | | 03/08/2019 | accepted | 100 |
| 8775686 | 03/08/2019 | VulD... | qualys_title | Apache Solr Remote Code Execution Vulnerability | qualys.com | 03/08/2019 | accepted | 100 |
| 8775685 | 03/08/2019 | VulD... | qualys_id | 13434 | qualys.com | 03/08/2019 | accepted | 100 |
| 8775684 | 03/08/2019 | VulD... | cve_nvd_summary | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | mitre.org | 03/08/2019 | accepted | 100 |
| 8775683 | 03/08/2019 | VulD... | cve_assigned | 1542153600 | mitre.org | 03/08/2019 | accepted | 100 |
| 8775682 | 03/08/2019 | VulD... | cve | CVE-2019-0192 | mitre.org | 03/08/2019 | accepted | 100 |
| 8775681 | 03/08/2019 | VulD... | price_0day | $5k-$25k | see documentation | 03/08/2019 | accepted | 100 |
| 8775679 | 03/08/2019 | VulD... | url | http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E | mail-archives.us.apache.org | 03/08/2019 | accepted | 100 |
| 8775678 | 03/08/2019 | VulD... | date | 1551916800 (03/07/2019) | | 03/08/2019 | accepted | 100 |
