CVE-2019-0192

2019-10-10T17:40:21
ID RH:CVE-2019-0192
Type redhatcve
Reporter redhat.com
Modified 2021-11-09T00:34:06

Description

A flaw was found in Apache Solr's Config API, which would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks.

Mitigation

  • Upgrade to 6.6.6 or later
  • Disable the Config API if not in use (disable.configEdit=true)
  • Use other external means to ensure only trusted traffic is allowed (block POST requests to the config API from external sources)
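
To check that the last mitigation is holding, the following added example (not part of the advisory and not Red Hat or Apache code) audits proxy access logs for POST requests to the Config API that come from outside a trusted network, and reports whether each was accepted. The common/combined log format, the `10.20.0.0/16` admin network, the core name and the sample lines are assumptions made for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: a reverse proxy in front of Solr writes common/combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Config API endpoint: /solr/<core-or-collection>/config, with or without a sub-path.
CONFIG_API_RE = re.compile(r"^/solr/[^/]+/config(/.*)?$", re.IGNORECASE)
# Assumption: hypothetical admin network that is allowed to edit configuration.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def normalize(target):
    """Drop the query string, then decode and collapse the path so that
    //, ./ and percent-encoded variants are compared in one form."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def is_trusted(ip, nets=TRUSTED_NETS):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client field: treat as untrusted
    return any(addr in net for net in nets)

def audit(lines):
    """Return (line_no, client_ip, path, accepted) for untrusted Config API POSTs."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = normalize(m["target"])
        if CONFIG_API_RE.match(path) and not is_trusted(m["ip"]):
            # A 2xx status means the edge filter let the request through.
            findings.append((line_no, m["ip"], path, m["status"].startswith("2")))
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.3.7 - admin [10/Oct/2019:17:40:21 +0000] "POST /solr/products/config HTTP/1.1" 200 120',
    '203.0.113.9 - - [10/Oct/2019:17:41:02 +0000] "POST /solr/products/config HTTP/1.1" 200 118',
    '198.51.100.4 - - [10/Oct/2019:17:41:30 +0000] "POST /solr//products/./config?wt=json HTTP/1.1" 403 0',
    '203.0.113.9 - - [10/Oct/2019:17:42:11 +0000] "GET /solr/products/config HTTP/1.1" 200 4096',
    '203.0.113.9 - - [10/Oct/2019:17:42:40 +0000] "POST /solr/products/update HTTP/1.1" 200 77',
]
```

A finding whose last field is `True` means an untrusted POST reached the Config API and was accepted, so the external filtering is not in effect for that path.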