IMCAFS

CVE-2019-0193: Apache Solr remote code execution vulnerability alert

Posted by barello at 2020-03-29

Apache Solr is an open source search server. Solr is developed in Java and is based mainly on HTTP and Apache Lucene. Resources in Apache Solr are stored as documents. Each document consists of a series of fields, each of which represents an attribute of a resource. (Source: Baidu Encyclopedia)

On August 1, 2019, Apache Solr released an advisory for its latest vulnerability, CVE-2019-0193, with an impact rating of serious. The vulnerability is in the optional DataImportHandler (DIH) module, which is mainly responsible for extracting data from databases or other sources. Users can set the configuration of the DIH module through the dataConfig parameter of an external request, and because a DIH configuration can contain scripts, this is a security risk. Starting with Solr version 8.2.0, this parameter is accepted only if the Java system property "enable.dih.dataConfigParam" is set to true.

Attackers can use the dataConfig parameter to craft malicious requests that result in remote code execution. All users need to upgrade Solr to the latest version as soon as possible to ensure that they are not affected by the vulnerability.
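The exposure conditions described above can be checked per core. The following is an added example, not part of the original advisory or of the Solr project: it assumes you can read the core's solrconfig.xml and the JVM options Solr was started with, and the names `audit`, `SAMPLE` and the constructed sample configuration are illustrative.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (8, 2, 0)                     # advisory: dataConfig is opt-in from 8.2.0
PROP = "enable.dih.dataConfigParam"   # system property named in the advisory

def dih_handlers(solrconfig_xml):
    """Names of request handlers backed by the optional DataImportHandler."""
    root = ET.fromstring(solrconfig_xml)
    return [h.get("name", "?") for h in root.iter("requestHandler")
            if "DataImportHandler" in h.get("class", "")]

def param_enabled(jvm_opts):
    """True if -Denable.dih.dataConfigParam=true is present in the JVM options."""
    m = re.search(r"-D" + re.escape(PROP) + r"=(\S+)", jvm_opts)
    return bool(m) and m.group(1).strip("\"'").lower() == "true"

def parse_version(version):
    """'8.2' -> (8, 2, 0); '8.2.0-SNAPSHOT' -> (8, 2, 0)."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return (nums + (0, 0, 0))[:3]

def audit(version, solrconfig_xml, jvm_opts=""):
    """Classify one core as 'not-applicable', 'exposed' or 'guarded'."""
    handlers = dih_handlers(solrconfig_xml)
    if not handlers:
        return "not-applicable", handlers   # DIH module is not configured
    if parse_version(version) < FIXED or param_enabled(jvm_opts):
        return "exposed", handlers          # dataConfig accepted from requests
    return "guarded", handlers              # 8.2.0+ and the property is not true

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """<config>
  <requestHandler name="/select" class="solr.SearchHandler"/>
  <requestHandler name="/dataimport"
      class="org.apache.solr.handler.dataimport.DataImportHandler">
    <lst name="defaults"><str name="config">db-data-config.xml</str></lst>
  </requestHandler>
</config>"""

if __name__ == "__main__":
    for ver, opts in [("8.1.1", ""), ("8.2.0", ""),
                      ("8.4.1", "-Xmx2g -D" + PROP + "=true")]:
        print(ver, opts or "(no opts)", "->", audit(ver, SAMPLE, opts))
```

An "exposed" result means the handler would accept a request-supplied configuration; whether the Solr port is reachable by untrusted clients has to be checked separately. The script reads only solrconfig.xml, so handlers registered any other way are not seen.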

Distribution overview

The latest data from the FOFA system (within the past year) shows 8910 Solr services worldwide. The United States has the most, with 3322 in total; China is second with 1411, Germany third with 804, Ireland fourth with 440, and France fifth with 301.

In China, Zhejiang Province has the largest number of users, with a total of 752; Beijing is the second, with a total of 260; Guangdong Province is the third, with a total of 63; Jiangsu Province is the fourth, with a total of 41; Shanghai is the fifth, with a total of 28.

Affected versions

The conditions for exploiting the vulnerability are strict, so relatively few services worldwide are expected to be affected.

CVE number

CVE-2019-0193

Remediation

Upgrade Apache Solr to version 8.2.0 or later.

Temporary repair recommendations:

Reference links

https://issues.apache.org/jira/browse/SOLR-13669
https://meterpreter.org/cve-2019-0193-apache-solr-remote-code-execution-vulnerability/