Apache Solr RCEs with public PoCs could soon be exploited - Help Net Security

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server.



One – CVE-2019-12409 – has already been patched, while the other – currently without a CVE number – seems to still be unpatched. Proof of concept exploit code for both is available on GitHub.


In the past, attackers have been known to exploit vulnerabilities in Apache Solr to compromise servers and saddle them with crypto-mining malware.


About Apache Solr


Initially an in-house project at CNET Networks, Apache Solr was open-sourced and donated to the Apache Software Foundation in 2006. A thriving community of users and contributors (both individuals and companies) has since sprung up around it.


Solr is widely used for enterprise search and analytics, and is bundled with many applications and supported in vario ..
