Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Disclosures/CVE-2019-12409-RCE Vulnerability Due to Bad Defalut Config-Apache Solr/
Disclosures/CVE-2019-12409-RCE Vulnerability Due to Bad Defalut Config-Apache Solr/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2019-12409: Apache Solr RCE Vulnerability Due to Bad Defalut Config

The 8.1.1 and 8.2.0 releases of Apache Solr contains insecure setting in the default solr.in.sh configuration file shipping with Solr.
The setting that result in this vulnerability are:

  • In "solr.in.sh":
    • ENABLE_REMOTE_JMX_OPTS="true" (Enables the JMX Service)
  • In "solr.cmd":
    • -Dcom.sun.management.jmxremote.local.only=false (Allows Remote Access to JMX)
    • -Dcom.sun.management.jmxremote.authenticate=false (Does not Require Valid Credentials)
Affected Product Affected Versions Affected OS
Apache Solr 8.1.1, 8.2.0 Unix / Linux

Note: Windows users are not affected.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Proof Of Concept:

Although there exist multiple ways to exploit the JMX, the simplest and most reliable way to exploit it is via the "exploit/multi/misc/java_jmx_server" metasploit module:

Additional Resources:

Exploiting CVE-2019-12409 using mjet