VDB
DEBIAN-CVE-2019-0193
DEBIAN-CVE-2019-0193
PUBLISHED
CVSS 7.199999809265137 HIGH
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
Risk Scores
CVSS v3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | lucene-solr | 0, 0, 0 |
| Debian:14 | lucene-solr | 0, 0, 0 |
| Debian:11 | lucene-solr | 0, 0, 0 |
| Debian:13 | lucene-solr | 0, 0, 0 |
Exploit Intelligence
- Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit (github-poc-repo)
- ApacheSolrRCE(CVE-2019-0193)一键写shell,原理是通过代码执行的java文件流写的马。 (github-poc-repo)
- ApacheSolrRCE(CVE-2019-0193)一键写shell,原理是通过代码执行的java文件流写的马。 (github-poc)
- jaychouzzk/CVE-2019-0193-exp (github-poc)
- Apache Solr远程代码执行漏洞(CVE-2019-0193) Exploit (github-poc)
- Apache Solr DataImport Handler RCE (github-poc)
- xConsoIe/CVE-2019-0193 (github-poc)
- agent_group.yaml (github-poc)
- kev.json (github-poc)
- web_poc_map_v2.yaml (github-poc)
…and 2 more exploits
Timeline
- Aug 1, 2019 CVE Published
- Apr 28, 2026 CVE Updated