
====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN060

_____________________________________________________________________

DATE                : 07/03/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Solr versions 5 and 6 (prior
                     to 7.0).

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/201903.mbox/%3cCAECwjAV1buZwg+McV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w@mail.gmail.com%3e
_____________________________________________________________________

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
5.0.0 to 5.5.5
6.0.0 to 6.6.5

Description:
The ConfigAPI allows Solr's JMX server to be configured via an HTTP POST
request.
By pointing it at a malicious RMI server, an attacker could take
advantage of Solr's unsafe deserialization to trigger remote code
execution on the Solr side.

Mitigation:
Any one of the following is enough to prevent this vulnerability:
* Upgrade to Apache Solr 7.0 or later.
* Disable the ConfigAPI if not in use, by running Solr with the system
property "disable.configEdit=true".
* If upgrading or disabling the Config API are not viable options, apply
the patch in [1] and re-compile Solr.
* Ensure your network settings are configured so that only trusted
traffic is allowed to ingress/egress your hosts running Solr.
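As an added example (not part of the CERT-Renater or Apache advisory), a small Python audit helper that applies the affected version ranges and the disable.configEdit workaround above to the JSON that Solr's /solr/admin/info/system endpoint returns. The field names lucene.solr-spec-version and jvm.jmx.commandLineArgs are assumed from that endpoint's output, and the sample response is constructed.

```python
"""Audit a Solr host against the ConfigAPI/JMX advisory (added example).
Input: JSON from /solr/admin/info/system (field names assumed)."""
import json
import re

# Affected ranges from the advisory, inclusive at both ends.
AFFECTED = [((5, 0, 0), (5, 5, 5)), ((6, 0, 0), (6, 6, 5))]


def parse_version(text):
    """'6.6.5' or '6.6.5-SNAPSHOT' -> (6, 6, 5); raise on unparsable input."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised Solr version: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def config_edit_disabled(args):
    """True if the JVM was started with the advisory's workaround property."""
    return any(a.strip() == "-Ddisable.configEdit=true" for a in args)


def assess(system_info_json):
    """Return version, affected flag, workaround flag and a status line."""
    info = json.loads(system_info_json)
    version = info["lucene"]["solr-spec-version"]
    args = info.get("jvm", {}).get("jmx", {}).get("commandLineArgs", [])
    affected, disabled = is_affected(version), config_edit_disabled(args)
    if not affected:
        status = "not affected"
    elif disabled:
        status = "affected version, ConfigAPI disabled (workaround in place)"
    else:
        status = "VULNERABLE: upgrade to 7.0+ or set -Ddisable.configEdit=true"
    return {"version": version, "affected": affected,
            "config_edit_disabled": disabled, "status": status}


# Constructed sample response (not captured from a real host).
SAMPLE = json.dumps({
    "lucene": {"solr-spec-version": "6.6.5"},
    "jvm": {"jmx": {"commandLineArgs": ["-Xms512m", "-Dsolr.log.dir=/var/solr/logs"]}},
})

if __name__ == "__main__":
    print(assess(SAMPLE)["status"])
```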

Credit:
Michael Stepankin

References:
[1] https://issues.apache.org/jira/browse/SOLR-13301
[2] https://wiki.apache.org/solr/SolrSecurity

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================


