VDB
CNVD-2019-06598
CNVD-2019-06598
PUBLISHED
Apache Solr是一个用Java编写的开源企业搜索平台。 Apache Solr 5.0.0 - 5.5.5、6.0.0 - 6.6.5版本存在远程代码执行漏洞。该漏洞源于Config API允许通过HTTP POST请求配置JMX服务器。攻击者可通过将其指向恶意RMI服务器,并利用Solr的非安全的反序列化实现Solr端的远程代码执行。
Exploit Intelligence
- Apache Solr remote code execution via dataImportHandler (github-poc)
- Apache Solr remote code execution via dataImportHandler (github-poc)
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl (github-poc)
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl (github-poc)
- cve_version_check.go (github-poc)
- cve_version_check.go (github-poc)
- nuclei_routing.go (github-poc)
- nuclei_routing.go (github-poc)
- Nuclei Template: CVE-2019-0192 (nuclei-template)
- Nuclei Template: CVE-2019-0192 (nuclei-template)
Timeline
- CVE Published