关联漏洞
标题:Apache Solr 代码问题漏洞 (CVE-2019-12409)Description:Apache Solr是美国阿帕奇(Apache)软件基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。 Apache Solr 8.1.1版本和8.2.0版本中存在安全漏洞,该漏洞源于程序没有安全地设置默认solr.in.sh配置文件的ENABLE_REMOTE_JMX_OPTS配置选项。攻击者可利用该漏洞向Solr服务器上传恶意代码。
Description
CVE-2019-12409: RCE Vulnerability Due to Bad Defalut Config in Apache Solr
介绍
# CVE-2019-12409: RCE Vulnerability Due to Bad Defalut Config in Apache Solr
The 8.1.1 and 8.2.0 releases of Apache Solr contains insecure setting in the default solr.in.sh configuration file shipping with Solr.
The setting that result in this vulnerability are:
In "solr.in.sh":
- ENABLE_REMOTE_JMX_OPTS="true" (Enables the JMX Service)
In "solr.cmd":
- -Dcom.sun.management.jmxremote.local.only=false (Allows Remote Access to JMX)
- -Dcom.sun.management.jmxremote.authenticate=false (Does not Require Valid Credentials)
**Note**: Windows users are not affected.
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://issues.apache.org/jira/browse/SOLR-13647).
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2019-12409/blob/main/Solr%20-%20CVE-2019-12409.pdf).
### Additional Information:
[PoC for exploiting CVE-2019-12409 using mjet](https://github.com/jas502n/CVE-2019-12409)
Another alternative tool for exploiting CVE-2019-12409 is [beanshooter](https://github.com/qtc-de/beanshooter).
文件快照
[4.0K] /data/pocs/c6c08c596c05e7f87941805d64d5287d9322a82b
├── [1.1K] README.md
└── [1.6M] Solr - CVE-2019-12409.pdf
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。