Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2019-0192 - Remote Code Execution via Unsafe Deserialization #10891

Open
1 task done
princechaddha opened this issue Oct 3, 2024 · 0 comments
Open
1 task done

CVE-2019-0192 - Remote Code Execution via Unsafe Deserialization #10891

princechaddha opened this issue Oct 3, 2024 · 0 comments
Assignees
@princechaddha
Labels
template-requests Request for new Nuclei templates to be created

Comments

@princechaddha
Copy link
Member

Is there an existing template for this?

  • I have searched the existing templates.

Template requests

Description:
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows attackers to configure the JMX server via an HTTP POST request. By directing it to a malicious RMI server, this vulnerability can be exploited to trigger unsafe deserialization, leading to remote code execution on the Solr server.

Severity: Critical

POC:

References:

Shodan Query:
cpe:"cpe:2.3:a:apache:solr"

CPE:
cpe:2.3:a:apache:solr::::::::
cpe:2.3:a:netapp:storage_automation_store:-:::::::*

Anything else?

No response
@princechaddha princechaddha added the template-requests Request for new Nuclei templates to be created label Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@princechaddha princechaddha

Labels
template-requests Request for new Nuclei templates to be created
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@princechaddha