The default configuration ships with the ENABLE_REMOTE_JMX_OPTS option enabled, which in turn opens port 8983 for remote connections.
“If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server”, writes an information security specialist known as jnyryan.
Apache developers initially considered the problem almost harmless, because in the worst case an attacker could only access Solr monitoring data, which is of little use.
However, at the end of October a PoC exploit was published on GitHub, demonstrating that an attacker could use the same problem to achieve remote code execution (RCE). The exploit used open port 8983 to enable Apache Velocity templates on the Solr server, and then used this feature to download and run malicious code. Worse, a few days later a second, improved exploit appeared online, making attacks even easier to carry out.
After that, the developers realized their mistake and issued an updated security recommendation. The vulnerability is now tracked as CVE-2019-12409. Researchers remind users that it is better to keep Solr servers behind firewalls, since these systems should not be openly exposed to the Internet.
It is still unclear which versions of Solr are affected by the problem. Solr developers currently list versions 8.1.1 and 8.2.0, but Tenable experts report that the vulnerability is dangerous for Solr from version 7.7.2 to the latest version 8.3.
Make sure your effective solr.in.sh file has ENABLE_REMOTE_JMX_OPTS set to ‘false’ on every Solr node and then restart Solr. Note that the effective solr.in.sh file may reside in /etc/defaults/ or another location depending on the install. You can then validate that the ‘com.sun.management.jmxremote*’ family of properties are not listed in the “Java Properties” section of the Solr Admin UI, or configured in a secure way.
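The check described above can be scripted per node. The following is an added example, not code from the article or from the Solr project; the function names and the sample files are constructed for illustration, and the properties check only tests for absence, not for a secure JMX configuration.

```shell
#!/bin/sh
# Print the effective ENABLE_REMOTE_JMX_OPTS value in solr.in.sh file $1.
# Commented-out lines are ignored and the last assignment wins, as when the
# file is sourced. Prints "unset" when there is no active assignment.
jmx_opts_value() {
  awk '
    /^[ \t]*(export[ \t]+)?ENABLE_REMOTE_JMX_OPTS=/ {
      v = $0
      sub(/^[^=]*=/, "", v)      # keep only the right-hand side
      sub(/[ \t]*#.*$/, "", v)   # drop a trailing comment
      last = tolower(v); seen = 1
    }
    END { print (seen ? last : "unset") }
  ' "$1" | tr -d "\"' \t"
}

# Succeed only when the file explicitly sets the option to false.
audit_solr_in_sh() {
  state=$(jmx_opts_value "$1")
  printf '%s: ENABLE_REMOTE_JMX_OPTS=%s\n' "$1" "$state"
  [ "$state" = "false" ]
}

# Succeed when file $1 (for example, text saved from the "Java Properties"
# section of the Admin UI) lists no com.sun.management.jmxremote* property.
jmx_props_absent() {
  ! grep -q 'com\.sun\.management\.jmxremote' "$1"
}

# Constructed sample files (not taken from any real host).
demo=$(mktemp -d)
cat > "$demo/affected.in.sh" <<'EOF'
#SOLR_HEAP="512m"
ENABLE_REMOTE_JMX_OPTS="true"
#RMI_PORT=18983
EOF
cat > "$demo/fixed.in.sh" <<'EOF'
ENABLE_REMOTE_JMX_OPTS="true"
ENABLE_REMOTE_JMX_OPTS="false"   # overrides the line above
EOF
printf 'com.sun.management.jmxremote.port = 18983\n' > "$demo/props.txt"
for f in "$demo"/*.in.sh; do
  audit_solr_in_sh "$f" || echo "  -> set it to false and restart Solr"
done
jmx_props_absent "$demo/props.txt" || echo "jmxremote properties still listed"
rm -rf "$demo"
```

Call `audit_solr_in_sh` with the path of the effective solr.in.sh on each node; a file that leaves the option unset is reported as failing because the guidance asks for an explicit ‘false’.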