CVE-2024-45216

CRITICAL EXPLOITED NUCLEI

Apache Solr 5.3.0-8.11.3 and 9.0.0-9.6.9 - Authentication Bypass via Fake URL Path Ending

Title source: llm

Exploitation Summary

CVE-2024-45216 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including iSee857, congdong007. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2024-45216 targeting Apache Solr, demonstrating remote command execution via crafted HTTP requests. The PoC includes a scanner for detecting vulnerable instances and executing commands like 'id'.

Description

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/ApacheSolr(CVE-2024-45216).py

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-45216 targeting Apache Solr, demonstrating remote command execution via crafted HTTP requests. The PoC includes a scanner for detecting vulnerable instances and executing commands like 'id'.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Solr

No auth needed

Prerequisites: Network access to the target Apache Solr instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC 2 stars

by congdong007 · infoleak

https://github.com/congdong007/CVE-2024-45216-Poc

View Code ZIP pw:eip

This PoC exploits an improper authentication vulnerability in Apache Solr (CVE-2024-45216) by bypassing authentication to enable remote streaming and read arbitrary files (e.g., /etc/passwd). It interacts with Solr's admin endpoints to manipulate configuration and retrieve sensitive data.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Apache Solr (version not specified)

No auth needed

Prerequisites: Network access to vulnerable Solr instance · Solr admin interface exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Apache Solr - Authentication Bypass

CRITICALVERIFIEDby gumgum

Shodan: http.html:"Apache Solr"

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/10/15/8

Vendor Advisory vendor-advisory

https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending

Scores

CVSS v3 9.8

EPSS 0.9408

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-10-31

CWE

CWE-287 CWE-863

Status published

Products (2)

apache/solr 5.3.0 - 8.11.4

org.apache.solr/solr 5.3.0 - 8.11.4Maven

Published Oct 16, 2024

Tracked Since Feb 18, 2026