Vulnerability Watch

snarang
Product Team
6 years ago

Apache Solr Remains Vulnerable to Zero Day Remote Code Execution Flaw

Late last month, a proof of concept (PoC) for a remote code execution (RCE) vulnerability in the Velocity Response Writer plugin in Apache Solr, a popular open-source search platform built on Apache Lucene, was published as a GitHub Gist. A few days later, an exploit script was published to a GitHub repository. Our research teams have confirmed Apache Solr versions 7.7.2 through 8.3 (the most current release) are vulnerable to this flaw, and we suspect older versions that include the Config API are potentially vulnerable.

For more details about the vulnerability, including mitigation, please visit our blog.

9 Replies

  • Anonymous

    Thanks for the info Mr. Satnam

  • jones_bryan
    Connect Contributor

    Interesting post. Any update on when a plugin will be released for this?

    • snarang
      Product Team

      Hi @Bryan Jones,

      A plugin is expected to be released within the next day. There is a link on the blog to the plugin search page, which currently shows no results. There should be a result by tomorrow. For reference, here's the link.

      Regards,

      Satnam

      • jones_bryan
        Connect Contributor

        Thanks for the update. I still don't see a plugin listed for it.