HTTP: Apache Solr configset upload Directory Traversal
This signature detects attempts to exploit a known vulnerability against Apache. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
References
CVE: CVE-2024-52012
URL: https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd
Short Name
HTTP:DIR:APACHE-SOLR-CONF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2024-52012 Directory Solr Traversal configset upload
Release Date
02/21/2025
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3785
False Positive
Unknown