CVE-2019-12409 Information

Description

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983) without any authentication. If this port is opened for inbound traffic in your firewall then anyone with network access to your Solr nodes will be able to access JMX which may in turn allow them to upload malicious code for execution on the Solr server.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE20Vulnerability20Due20to20Bad20Defalut20Config-Apache20Solr https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@3Cannounce.apache.org3E https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@3Csolr-user.lucene.apache.org3E https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@3Cissues.lucene.apache.org3E https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@3Cgeneral.lucene.apache.org3E https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@3Cissues.lucene.apache.org3E https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8