CVE-2019-0192

CRITICAL EXPLOITED NUCLEI

Apache Solr 5.0.0-5.5.5 and 6.0.0-6.6.5 - Remote Code Execution via JMX Config API

Title source: llm

Exploitation Summary

CVE-2019-0192 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits, from the researchers mpgn and Rapidsafeguard. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2019-0192, a remote code execution vulnerability in Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5. It leverages unsafe deserialization via JMX configuration to execute arbitrary commands on the target system.

Description

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows the JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Exploits (2)

nomisec WORKING POC 210 stars
by mpgn · remote
https://github.com/mpgn/CVE-2019-0192

This PoC exploits CVE-2019-0192, a remote code execution vulnerability in Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5. It leverages unsafe deserialization via JMX configuration to execute arbitrary commands on the target system.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Solr 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5
No auth needed
Prerequisites: Access to the Solr admin interface · Network access to the target Solr instance · Ysoserial tool for generating malicious payloads
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 4 stars
by Rapidsafeguard · remote
https://github.com/Rapidsafeguard/Solr-RCE-CVE-2019-0192

This PoC exploits CVE-2019-0192, an RCE vulnerability in Apache Solr via the DataImportHandler. It sends a crafted payload to execute arbitrary commands on the target system.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Solr 1.3 – 8.2
No auth needed
Prerequisites: DataImportHandler must be enabled · Target Solr instance must be accessible
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Apache Solr - Deserialization of Untrusted Data
CRITICAL · by hnd3884
Shodan: title:"Solr"
FOFA: title="Solr"

References (14)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107318
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2413
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190327-0003/

Scores

CVSS v3 9.8
EPSS 0.7751
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-12
CWE: CWE-502
Status: published
Products (3)
apache/solr 5.0.0 - 5.5.5
netapp/storage_automation_store
org.apache.solr/solr-core 5.0.0 - 7.0.0 (Maven)
Published Mar 07, 2019
Tracked Since Feb 18, 2026