High Threat Security Alert (A19-11-04): Vulnerability in Apache Solr Search Platform

Description:

The Apache Software Foundation has released a security advisory to address an insecure setting issue in Apache Solr 8.1.1 and 8.2.0 for Linux.  A remote unauthenticated attacker could leverage the vulnerability to upload and run malicious code on vulnerable systems

The proof-of-concept exploit code targeting the remote code execution vulnerability (CVE-2019-12409) has been publicly available. Attacks against any of the vulnerable systems are highly likely from now on. Users are advised to take immediate action to fix the affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Apache Solr 8.1.1 and 8.2.0 for Linux

Impact:

Successful exploitation of the vulnerability could result in arbitrary code execution on affected systems.

Recommendation:

System administrators should take the following actions as advised by the Apache Software Foundation to address the issue:

1. Set the "ENABLE_REMOTE_JMX_OPTS" option in all effective "solr.in.sh" config files to "false" on every Apache Solr nodes;
2. Restart the affected Apache Solr; and
3. Validate that the 'com.sun.management.jmxremote*' family of properties are not listed in the "Java Properties" section of the Apache Solr Admin UI.

System administrations should also restrict only trusted services/users to access the Apache Solr nodes and never expose the Apache Solr nodes directly to the Internet.

More Information:

https://lucene.apache.org/solr/news.html#18-november-2019-cve-2019-12409-apache-solr-rce-vulnerability-due-to-bad-config-default
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12409