CVE-2019-0192

CRITICAL EXPLOITED NUCLEI

Apache Solr < 5.5.5 - Insecure Deserialization

Title source: rule

Description

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows the JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Exploits (2)

nomisec WORKING POC 210 stars
by mpgn · remote
https://github.com/mpgn/CVE-2019-0192

nomisec WORKING POC 4 stars
by Rapidsafeguard · remote
https://github.com/Rapidsafeguard/Solr-RCE-CVE-2019-0192

Nuclei Templates (1)

Apache Solr - Deserialization of Untrusted Data
CRITICAL by hnd3884
Shodan: title:"Solr"
FOFA: title="Solr

References (14)

Scores

CVSS v3 9.8
EPSS 0.9355
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2021-04-12

Classification

CWE
CWE-502
Status published

Affected Products (3)

apache/solr < 5.5.5
netapp/storage_automation_store
org.apache.solr/solr-core < 7.0.0 Maven

Timeline

Published Mar 07, 2019
Tracked Since Feb 18, 2026