CVE-2019-0193
CVE-2019-0193
In short
Apache Solr's DataImportHandler allows loading configuration from user requests, which can contain dangerous scripts. This creates a security hole where attackers could execute arbitrary code on the server.
Technical detail
CVE-2019-0193 affects Apache Solr's DataImportHandler module, which accepts DIH configuration via the 'dataConfig' request parameter. Since DIH configs support script execution, an unauthenticated remote attacker can inject malicious scripts through this parameter to achieve arbitrary code execution. Mitigation requires Java system property 'enable.dih.dataConfigParam' set to true (disabled by default in 8.2.0+).
Summary generated and translated by AI from the official description.
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Apache · Apache Solrpublic PoCs found — 5
githubgithub.com/jas502n/CVE-2019-0193★ 90githubgithub.com/1135/solr_exploit★ 65githubgithub.com/xConsoIe/CVE-2019-0193★ 7githubgithub.com/jaychouzzk/CVE-2019-0193-exp★ 1githubgithub.com/freeFV/ApacheSolrRCE★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://issues.apache.org/jira/browse/SOLR-13669https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/42cc4d334ba33905b872a0aa00d6a481391951c8b1450f01b077ce74%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/55880d48e38ba9e8c41a3b9e41051dbfdef63b86b0cfeb32967edf03%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/6f2d61bd8732224c5fd3bdd84798f8e01e4542d3ee2f527a52a81b83%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/7143983363f0ba463475be4a8b775077070a08dbf075449b7beb51ee%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/a6e3c09dba52b86d3a1273f82425973e1b0623c415d0e4f121d89eab%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/e85f735fad06a0fb46e74b7e6e9ce7ded20b59637cd9f993310f814d%40%3Cissues.lucene.apache.org%3Ehttps://lists.apache.org/thread.html/r140128dc6bb4f4e0b6a39e962c7ca25a8cbc8e48ed766176c931fccc%40%3Cusers.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r19d23e8640236a3058b4d6c23e5cd663fde182255f5a9d63e0606a66%40%3Cdev.lucene.apache.org%3E