Apache Solr for Linux CVE-2019-12409 Remote Code Execution Vulnerability

Description

Apache Solr for Linux is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Apache Solr for Linux versions 8.1.1 and 8.2.0 are vulnerable.

Technologies Affected

• Apache Solr 8.1.1
• Apache Solr 8.2.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Run all software as a nonprivileged user with minimal access rights.
Run all non-administrative software as a non-administrative user with the least amount of privileges required to successfully operate. This will greatly reduce the potential damage that successful exploitation may achieve.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.

Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.