Apache Solr Remote Code Execution Vulnerability Due to Bad Configuration Default (CVE-2019-12409)

Nov 26, 2019 GMT+08:00

I. Overview

Apache Solr has officially disclosed a remote code execution vulnerability (CVE-2019-12409) caused by an insecure configuration default. The 8.1.1 and 8.2.0 releases of Apache Solr are affected. In the solr.in.sh configuration file, ENABLE_REMOTE_JMX_OPTS is set to true by default, which attackers may exploit to achieve remote code execution (RCE) through the JMX port.

We therefore recommend that you check whether your deployments are affected and apply security hardening promptly.

Reference links:

https://www.mail-archive.com/announce@apache.org/msg05559.html

II. Severity

Severity: important

(Severity scale: low, moderate, important, critical)

III. Affected Product

Apache Solr 8.1.1 and 8.2.0 (Linux version)

Windows operating systems are not affected.

IV. Vulnerability Handling

No official release that fixes the vulnerability has been published yet. The following measures can be taken to mitigate the risk:

1. In the affected Solr release, open the solr.in.sh configuration file, set ENABLE_REMOTE_JMX_OPTS to false, and restart the Solr service.

2. Configure security group rules to deny external access to port 18983 so that the Solr service is not exposed to the Internet.

Note: Back up your files and test thoroughly before applying these changes.
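A self-check and hardening helper for measure 1, added here as an example (not code from this notice or from Apache Solr); it assumes solr.in.sh uses plain shell assignments, that the last uncommented assignment is the effective one, and that Solr's start script tests the flag against the literal string true.

```shell
#!/usr/bin/env bash
# Added self-check and hardening helpers for the solr.in.sh setting named in the
# notice. Not Solr's own code; the sample file written by the demo is constructed.
set -u

# Print the effective value of ENABLE_REMOTE_JMX_OPTS in a solr.in.sh file. The
# last uncommented assignment wins, as it does when the file is sourced; quotes
# and trailing comments are stripped; "unset" is printed when none is found.
effective_remote_jmx() {
  local file="$1" val
  val=$(grep -E '^[[:space:]]*(export[[:space:]]+)?ENABLE_REMOTE_JMX_OPTS=' "$file" 2>/dev/null \
        | tail -n 1 \
        | sed -E "s/^[[:space:]]*(export[[:space:]]+)?ENABLE_REMOTE_JMX_OPTS=//; s/^[\"']//; s/[\"']?[[:space:]]*(#.*)?\$//")
  printf '%s\n' "${val:-unset}"
}

# Return 0 (remote JMX enabled) only when the effective value is the literal
# string "true"; anything else is treated as disabled (assumption about how the
# start script tests the flag).
remote_jmx_enabled() {
  [ "$(effective_remote_jmx "$1")" = "true" ]
}

# Measure 1 from the notice: comment out every existing assignment and append an
# explicit "false". The Solr service must still be restarted afterwards.
harden_remote_jmx() {
  local file="$1"
  sed -E 's/^([[:space:]]*(export[[:space:]]+)?ENABLE_REMOTE_JMX_OPTS=)/# disabled, CVE-2019-12409: \1/' \
      "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  printf 'ENABLE_REMOTE_JMX_OPTS="false"\n' >> "$file"
}

# Demo on a constructed file that mirrors the weak default (not a copy of solr.in.sh).
demo=$(mktemp)
printf '%s\n' 'ENABLE_REMOTE_JMX_OPTS="true"   # weak default' 'RMI_PORT=18983' > "$demo"
echo "before: ENABLE_REMOTE_JMX_OPTS=$(effective_remote_jmx "$demo")"
if remote_jmx_enabled "$demo"; then harden_remote_jmx "$demo"; fi
echo "after:  ENABLE_REMOTE_JMX_OPTS=$(effective_remote_jmx "$demo")"
rm -f "$demo"
```

Run `remote_jmx_enabled /path/to/solr.in.sh` against each affected host's real file; a zero exit status means remote JMX is still enabled and measure 1 has not been applied.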