HTTP: Apache Solr ConfigSets CVE-2020-13957 Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Apache Solr. A successful attack can lead to arbitrary code execution.

Extended Description

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

Affected Products

Apache solr

References

CVE: CVE-2020-13957

Short Name
HTTP:APACHE:SOL-CONFSTS-RCE
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache CVE-2020-13957 Code ConfigSets Execution Remote Solr
Release Date
06/17/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3716
False Positive
Rarely
Vendors

Apache

CVSS Score

7.5

Found a potential security threat?