HTTP: Apache Solr Config API Insecure Deserialization Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Apache Solr. A successful attack can lead to arbitrary code execution.
Extended Description
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
Affected Products
Netapp storage_automation_store
Short Name
HTTP:APACHE:CVE-2019-0192-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
API Apache CVE-2019-0192 Code Config Deserialization Execution Insecure Remote Solr bid:107318
Release Date
05/14/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3693
False Positive
Unknown
Vendors
Apache
Netapp
CVSS Score
7.5