VDB
CNVD-2019-26390
CNVD-2019-26390
PUBLISHED
CVSS 7.199999809265137 HIGH
Apache Solr是美国阿帕奇(Apache)软件基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。 Apache Solr存在远程代码执行漏洞,攻击者可通过dataConfig参数构造恶意请求利用该漏洞执行任意代码。
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Solr | Apache Solr all prior to 8.2.0 |
Exploit Intelligence
- Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit (github-poc-repo)
- Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit (github-poc-repo)
- ApacheSolrRCE(CVE-2019-0193)一键写shell,原理是通过代码执行的java文件流写的马。 (github-poc-repo)
- ApacheSolrRCE(CVE-2019-0193)一键写shell,原理是通过代码执行的java文件流写的马。 (github-poc-repo)
- ApacheSolrRCE(CVE-2019-0193)一键写shell,原理是通过代码执行的java文件流写的马。 (github-poc)
- ApacheSolrRCE(CVE-2019-0193)一键写shell,原理是通过代码执行的java文件流写的马。 (github-poc)
- jaychouzzk/CVE-2019-0193-exp (github-poc)
- jaychouzzk/CVE-2019-0193-exp (github-poc)
- Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit (github-poc)
- Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit (github-poc)
…and 110 more exploits
Timeline
- Aug 1, 2019 CVE Published
- Dec 16, 2019 PoC Published
- Jun 14, 2023 PoC Published
- Nov 2, 2024 PoC Published
- Nov 19, 2024 PoC Published
- Dec 24, 2024 PoC Published
- Dec 27, 2024 PoC Published
- Jan 5, 2025 PoC Published
- Jan 13, 2025 PoC Published
- Jan 23, 2025 PoC Published
- Jan 30, 2025 PoC Published
- Feb 9, 2025 PoC Published
References
- https://issues.apache.org/jira/browse/SOLR-13669 url
- [debian-lts-announce] 20191010 [SECURITY] [DLA 1954-1] lucene-solr security update mailing-list
- [lucene-issues] 20191025 [jira] [Updated] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1 mailing-list
- [lucene-issues] 20191025 [jira] [Created] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1 mailing-list
- [lucene-issues] 20191025 [jira] [Resolved] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1 mailing-list
- [lucene-issues] 20191025 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler mailing-list
- [lucene-issues] 20191025 [jira] [Commented] (SOLR-13873) Is there any fix for CVE-2019-0193 issue for solr 7.7.1 mailing-list
- [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html mailing-list
- [lucene-issues] 20191129 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler mailing-list
- [lucene-issues] 20191130 [jira] [Resolved] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler mailing-list
- [lucene-issues] 20191130 [jira] [Closed] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler mailing-list
- [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html mailing-list
- [lucene-dev] 20200213 Re: 7.7.3 bugfix release mailing-list
- [lucene-dev] 20200214 Re: 7.7.3 bugfix release mailing-list
- [lucene-issues] 20200218 [jira] [Updated] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler mailing-list
- [lucene-issues] 20200218 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler mailing-list
- [debian-lts-announce] 20200816 [SECURITY] [DLA 2327-1] lucene-solr security update mailing-list
- [submarine-commits] 20201209 [GitHub] [submarine] QiAnXinCodeSafe opened a new issue #474: There is a vulnerability in Apache Solr 5.5.4,upgrade recommended mailing-list
- [druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves mailing-list
- [solr-users] 20210618 CVE-2021-27905 Apache Solr ReplicationHandler/SSRF vulnerability mailing-list
…and 3 more