Is there an existing template for this?
Template requests
Description:
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows attackers to configure the JMX server via an HTTP POST request. By directing it to a malicious RMI server, this vulnerability can be exploited to trigger unsafe deserialization, leading to remote code execution on the Solr server.
Severity: Critical
POC:
References:
Shodan Query:
cpe:"cpe:2.3:a:apache:solr"
CPE:
cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Anything else?
No response