Apache Solr Admin API Probe for 2026-03-11
Mar 11, 2026
WebExploit
Last Updated: 12:12 UTC
Direct probing of /solr/admin/ management endpoints. CVE-2019-0193 (DataImportHandler RCE) requires admin API access and is frequently exploited for cryptominer deployment. The info/system and cores endpoints are the standard first requests in a Solr exploitation chain.
CVE References
MITRE ATT&CK
Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application
Observed URIs
/solr/admin/info/system/solr/admin/cores?action=STATUS&wt=json
Attackers by Country
IP Address : ASN : City/Provider
- 134.122.95.3 : AS14061 digitalocean llc : Frankfurt am Main