Security News > 2019 > November > Apache Solr RCEs with public PoCs could soon be exploited

Apache Solr RCEs with public PoCs could soon be exploited
2019-11-25 10:33

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other – currently without a CVE number – seems to still be unpatched. Proof of concept exploit code for both is available on GitHub. In the past, attackers have been known to exploit vulnerabilities in Apache Solr to compromise servers and saddle them with crypto-mining malware. … More → The post Apache Solr RCEs with public PoCs could soon be exploited appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/0w1sEuGa2wg/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-11-18 CVE-2019-12409 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Solr 8.1.1/8.2.0
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr.
network
low complexity
apache CWE-434
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642