
List:       oss-security
Subject:    [oss-security] CVE-2019-0192 Deserialization of untrusted data via jmx.serviceUrl in Apache Solr
From:       Tomas Fernandez Lobbe <tflobbe () apache ! org>
Date:       2019-03-07 6:41:37
Message-ID: CAECwjAWWcYFtuxjHYXRkJ_w9Gz6__ObzTGOP+BGb6KiHFdgaBQ () mail ! gmail ! com


Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
5.0.0 to 5.5.5
6.0.0 to 6.6.5

Description:
The ConfigAPI allows Solr's JMX server to be configured via an HTTP POST request.
By pointing it at a malicious RMI server, an attacker could take advantage
of Solr's unsafe deserialization to trigger remote code execution on the
Solr side.

Mitigation:
Any of the following are enough to prevent this vulnerability:
* Upgrade to Apache Solr 7.0 or later.
* Disable the ConfigAPI if not in use, by running Solr with the system
property "disable.configEdit=true".
* If upgrading or disabling the Config API are not viable options, apply
the patch in [1] and re-compile Solr.
* Ensure your network settings are configured so that only trusted traffic
is allowed to ingress/egress your hosts running Solr.
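As an added triage helper (not part of this advisory), the script below flags Solr hosts whose version falls inside the affected ranges listed above and whose JVM was not started with the disable.configEdit=true system property; the inventory it runs over is constructed sample data.

```python
"""Triage helper for CVE-2019-0192 (added example, not from the advisory).
Uses only the affected version ranges and the disable.configEdit system
property named in the advisory; the inventory below is constructed."""
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges from the advisory, inclusive at both ends.
AFFECTED_RANGES = [((5, 0, 0), (5, 5, 5)), ((6, 0, 0), (6, 6, 5))]


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn '6.6.5' into (6, 6, 5); None for anything that is not x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected_version(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    if v is None:
        return False
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def config_edit_disabled(jvm_args: List[str]) -> bool:
    """True if the JVM command line carries -Ddisable.configEdit=true."""
    return any(a.strip() == "-Ddisable.configEdit=true" for a in jvm_args)


def triage(inventory: Dict[str, Tuple[str, List[str]]]) -> Dict[str, str]:
    """Map each host to 'not affected', 'mitigated', 'EXPOSED' or 'unknown version'."""
    result = {}
    for host, (version, jvm_args) in inventory.items():
        if parse_version(version) is None:
            result[host] = "unknown version"
        elif not is_affected_version(version):
            result[host] = "not affected"
        elif config_edit_disabled(jvm_args):
            result[host] = "mitigated"
        else:
            result[host] = "EXPOSED"
    return result


# Constructed sample inventory: host -> (Solr version, JVM arguments).
SAMPLE_INVENTORY = {
    "solr-a": ("6.6.5", ["-Xmx2g", "-Dsolr.log.dir=/var/solr/logs"]),
    "solr-b": ("6.6.5", ["-Xmx2g", "-Ddisable.configEdit=true"]),
    "solr-c": ("7.0.0", ["-Xmx2g"]),
    "solr-d": ("5.5.5", ["-Ddisable.configEdit=false"]),
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as EXPOSED still need one of the advisory's mitigations (upgrade, the system property, the patch in [1], or network restriction); a host patched per [1] will show as EXPOSED because the patch is not detectable from the version string.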

Credit:
Michael Stepankin

References:
[1] https://issues.apache.org/jira/browse/SOLR-13301
[2] https://wiki.apache.org/solr/SolrSecurity

