Apache Solr RCEs with public PoCs could soon be exploited
2019-11-25 10:33

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other – currently without a CVE number – seems to still be unpatched. Proof of concept exploit code for both is available on GitHub. In the past, attackers have been known to exploit vulnerabilities in Apache Solr to compromise servers and saddle them with crypto-mining malware.

The post Apache Solr RCEs with public PoCs could soon be exploited appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/0w1sEuGa2wg/

Related Vulnerability

DATE: 2019-11-18
CVE: CVE-2019-12409
VULNERABILITY TITLE: Unrestricted Upload of File with Dangerous Type vulnerability in Apache Solr 8.1.1/8.2.0
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr.
RISK: critical, 9.8 (network, low complexity, apache CWE-434)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 544 711 366 1634