Title: CVE-2019-0192: Deserialization of untrusted data via jmx.serviceUrl in Apache Solr
category: solr/security
cve: CVE-2019-0192
Severity: High
Vendor:
The Apache Software Foundation
Versions Affected:
Description:
ConfigAPI allows Solr's JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
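For reviewing request logs or proxy captures, the following added example (not part of the original advisory or of Solr) flags POST requests to a config endpoint whose body references the `jmx.serviceUrl` property. The record layout, the assumption that Config API paths end in `/config`, the wrapper key `constructed-command` and all sample values are constructed for illustration.

```python
import json

PROPERTY = "jmx.serviceUrl"  # property name taken from the advisory


def _has_key(node, wanted):
    """Recursively search decoded JSON for a key (case-insensitive, to be conservative)."""
    if isinstance(node, dict):
        return any(str(k).lower() == wanted or _has_key(v, wanted) for k, v in node.items())
    if isinstance(node, list):
        return any(_has_key(item, wanted) for item in node)
    return False


def is_suspicious(method, path, body):
    """Flag POSTs to a config endpoint whose body references jmx.serviceUrl."""
    # Assumption: Config API requests end in "/config"; adjust to your routing.
    clean_path = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or not clean_path.endswith("/config"):
        return False
    wanted = PROPERTY.lower()
    try:
        return _has_key(json.loads(body), wanted)
    except (ValueError, TypeError):
        # Malformed or non-JSON body: fall back to a substring match so a
        # broken payload is still surfaced for manual review.
        return wanted in str(body).lower()


def scan(records):
    """Return the indexes of records that should be reviewed."""
    return [i for i, r in enumerate(records)
            if is_suspicious(r["method"], r["path"], r["body"])]


# Constructed sample records (not real traffic); wrapper key and values are placeholders.
SAMPLE = [
    {"method": "POST", "path": "/solr/core1/config",
     "body": '{"constructed-command": {"jmx.serviceUrl": "PLACEHOLDER-URL"}}'},
    {"method": "POST", "path": "/solr/core1/config",
     "body": '{"constructed-command": {"updateHandler.autoCommit.maxTime": 15000}}'},
    {"method": "GET", "path": "/solr/core1/config", "body": ""},
    {"method": "POST", "path": "/solr/core1/config?wt=json",
     "body": '{"constructed-command": {"JMX.ServiceURL": "PLACEHOLDER-URL"'},
    {"method": "POST", "path": "/solr/core1/select", "body": '{"query": "jmx.serviceUrl"}'},
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```
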
Mitigation:
Any of the following are enough to prevent this vulnerability:
Credit:
Michael Stepankin
References: