Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Blog Tenable

S'abonner

CVE-2019-12409 :

Linux servers using Apache Solr versions 8.1.1 and 8.2.0 with default configurations are potentially vulnerable to remote code execution.

Contexte

On July 22, 2019, a configuration flaw in versions 8.1.1 and 8.2.0 was found in Apache Solr, the open-source search-engine platform. John Ryan originally reported the issue and credit was also given to Matei “Mal” Badanoiu for noting the flaw could lead to remote code execution (RCE).

Analyse

CVE-2019-12409 is a flaw in the default configuration of the solr.in.sh file in Apache Solr. If this file is used in its default configuration in versions 8.1.1 and 8.2.0, unauthenticated access to the Java Management Extensions (JMX) monitoring on the RMI_PORT (default 18983) is allowed. Anyone with access to a vulnerable Solr server, and, in turn, JMX, could upload malicious code that could then be executed.

Démonstration de faisabilité (PoC)

There is currently a proof of concept (PoC) available in a GitHub repository implementing the MJET script by MOGWAI LABS to create a reverse shell on a system with the vulnerable configuration.

Solution

On November 18, Apache Solr revised the originally reported bug report after it was found that the flaw could lead to RCE. In addition, the Changelog highlighted this flaw as one of the fixes in Apache Solr version 8.3.

Per the security advisory, this vulnerability can also be remediated by setting the ENABLE_REMOTE_JMX_OPTS parameter to ’false’ in the solr.in.sh file. The change can be confirmed by ensuring the com.sun.management.jmxremote* properties are not listed in the Solr Admin interface under the Java Properties section.

Identification des systèmes affectés

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Où trouver plus d'informations

Rejoignez l'équipe SRT de Tenable sur Tenable Community.

Apprenez-en plus sur Tenable, la première plateforme de Cyber Exposure qui vous permet de gérer votre surface d'attaque moderne de manière globale.

Get a free 60-day trial of Tenable.io Vulnerability Management.

Articles connexes

Des actualités décisives sur la cyber-sécurité

Saisissez votre adresse e-mail et ne manquez plus aucune alerte ni aucun conseil en matière de sécurité de la part de nos experts Tenable.