Service Notices
Apache Solr Remote Code Execution via Velocity Template
Nov 04, 2019 GMT+08:00
I. Overview
An Apache Solr remote code execution (RCE) vulnerability via Velocity templates has recently been disclosed. Attackers can exploit it by constructing crafted requests that execute remote commands or even obtain control of the server.
A proof of concept (POC) for this vulnerability has been published. We therefore advise you to arrange timely inspection and security hardening.
Reference link:
https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Product
Apache Solr
IV. Vulnerability Inspection and Handling
Inspection
If either of the following conditions is met, the vulnerability may affect the system:
1. The Solr console can be successfully accessed through POST requests. You can test this against the following URL (replace "instance name" with the name of your Solr core):
http://hostname/solr/instance name/config
2. In the Solr configuration file solrconfig.xml, the params.resource.loader.enabled parameter of the Velocity response writer is set to true.
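As an added example that is not part of this notice, the following script performs the second check offline: it parses a solrconfig.xml fragment and reports whether a VelocityResponseWriter has params.resource.loader.enabled resolving to true, including the ${property:default} placeholder form used in Solr's sample configurations. The embedded XML is a constructed sample, and the optional props dictionary (system properties the caller supplies) is an assumption, not a Solr API.

```python
import re
import xml.etree.ElementTree as ET

# Constructed solrconfig.xml fragment (not from the advisory). It declares the
# Velocity writer the way Solr sample configs do, using property placeholders.
SAMPLE_SOLRCONFIG = """<config>
  <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter" startup="lazy">
    <str name="template.base.dir">${velocity.template.base.dir:}</str>
    <str name="solr.resource.loader.enabled">${velocity.solr.resource.loader.enabled:true}</str>
    <str name="params.resource.loader.enabled">${velocity.params.resource.loader.enabled:true}</str>
  </queryResponseWriter>
</config>
"""

# Matches ${property} or ${property:default}; group 1 is the default (if any).
PLACEHOLDER = re.compile(r"^\$\{[^:}]+(?::(.*))?\}$")


def resolve_value(raw, props=None):
    """Resolve a config value that may be a ${property:default} placeholder.

    props: assumed dict of system properties (e.g. -D flags); when the named
    property is absent, the placeholder's default is used, else "".
    """
    raw = (raw or "").strip()
    m = PLACEHOLDER.match(raw)
    if not m:
        return raw  # plain literal such as "true"
    name = raw[2:].split(":", 1)[0].rstrip("}")
    if props and name in props:
        return str(props[name])
    return m.group(1) or ""


def params_loader_enabled(xml_text, props=None):
    """True if any VelocityResponseWriter has params.resource.loader.enabled=true."""
    root = ET.fromstring(xml_text)
    for writer in root.iter("queryResponseWriter"):
        if "VelocityResponseWriter" not in writer.get("class", ""):
            continue
        for child in writer:
            if child.get("name") == "params.resource.loader.enabled":
                if resolve_value(child.text, props).lower() == "true":
                    return True
    return False


if __name__ == "__main__":
    print("params.resource.loader.enabled:", params_loader_enabled(SAMPLE_SOLRCONFIG))
```

Run it against your own solrconfig.xml contents (and the system properties your Solr process is started with) to see whether condition 2 applies.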
Handling
No official patch for this vulnerability has been released. It is recommended that you do not expose Solr to the public network and that you ensure requests come only from trusted sources. Follow the release status on the official website and update to the latest version once an official patch is available.
https://lucene.apache.org/solr/
According to the POC of this vulnerability, the HUAWEI CLOUD WAF service blocks attacks exploiting this vulnerability by default. If you are a WAF user, you only need to enable the interception function of WAF to prevent such attacks. For details about the WAF configuration, see https://support.huaweicloud.com/intl/en-us/usermanual-waf/waf_01_0008.html
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.