Apache Solr Unauthorized Upload Vulnerability (CVE-2020-13957)

Oct 14, 2020 GMT+08:00

I. Overview

Apache Solr has recently released an official security notice disclosing the unauthorized upload vulnerability (CVE-2020-13957) in the ConfigSet API of specific Solr versions. Attackers can exploit this vulnerability to conduct remote code execution.

If you are an Apache Solr user, check your versions and implement timely security hardening.

References:

https://www.mail-archive.com/announce@apache.org/msg06149.html

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Apache Solr 6.6.0 to 6.6.5

Apache Solr 7.0.0 to 7.7.3

Apache Solr 8.0.0 to 8.6.2

Secure versions:

Apache Solr 8.6.3 and later

IV. Vulnerability Handling

Affected users can take any of the following measures to prevent this vulnerability:

1. If the ConfigSets API is not used, disable the UPLOAD command by setting the system attribute configset.upload.enabled to false.

Reference: https://lucene.apache.org/solr/guide/8_6/configsets-api.html

2. Use Authentication/Authorization and make sure unknown requests are not allowed.

Reference: https://lucene.apache.org/solr/guide/8_6/authentication-and-authorization-plugins.html

3. Upgrade to Solr 8.6.3 or a later version.

4. If upgrading is not an option, consider applying the patch in SOLR-14663.

Reference: https://issues.apache.org/jira/browse/SOLR-14663

5. Tune your firewall so that only trusted IP addresses and people are allowed to access Solr API (including the Admin UI).

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.