11 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-0192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a...
U.S. Dept Of Defense: Remote Code Execution on █████████
Summary: An unauth solr lead to RCE on ██████████ Description: Hello, I found a solr unauth at https://██████/solr/ This version is 5.5.1, vulnerable with CVE-2019-0192 and CVE-2019-0193, i have try CVE-2019-0193 and successful RCE. Impact Attacker can get shell on server. Step-by-step Reproducti...
Exploit for Deserialization of Untrusted Data in Apache Solr
Solr-RCE-CVE-2019-0192 Apache Solr remote code e...
Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server
Summary A vulnerability in Apache Solr was addressed by IBM InfoSphere Information Server. Vulnerability Details CVE-ID: CVE-2019-0192 Description: Apache Solr could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization of untrusted data flaw in...
Security Bulletin: Potential vulnerability related to Unsafe Deserialization in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2019-0192)
Summary In Solr the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of unsafe deserialization in Solr to trigger remote code execution on the Solr side. Vulnerability Details CVEID: CVE-2019-0192...
Apache Solr Config API Insecure Deserialization Remote Code Execution (CVE-2019-0192)
An insecure deserialization vulnerability has been reported in Apache Solr. This vulnerability is due to the insufficient validation of requests to the Config API. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the Config API...
Apache Solr 5.x <= 5.5.5 or 6.x <= 6.6.5 Deserialization Vulnerability
The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the Config API due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this, via an HTTP POST request that points the JMX server to a maliciou...
CVE-2019-0192
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...
CVE-2019-0192
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...
CVE-2019-0192
Apache Solr CVE-2019-0192 affects Solr 5.0.0–5.5.5 and 6.0.0–6.6.5. The Config API can configure the JMX server via HTTP POST; if pointed to a malicious RMI server, Solr’s unsafe deserialization can trigger remote code execution on the Solr side. Evidence in connected docs includes Nuclei templat...
CVE-2019-0192
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side...