CVE-2019-17558

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Solr
Vendor: CVE Published:; 30 December 2019

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 97%🦅 CISA Reported

Summary

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting params.resource.loader.enabled by defining a response writer with that setting set to true. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is trusted (has been uploaded by an authenticated user).

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Apache Solr Apache Solr 5.0.0 to Apache Solr 8.3.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Solr_CVE-2019-17558
Created by Ma1Dong

CVE-2019-17558_Solr_Vul_Tool
Created by thelostworldFree

Exploit_CVE-2019-17558-RCE
Created by xkyrage