DETECTION OVERVIEW
Risk Factors
This vulnerability is well known, and public exploit code is available. Because a default Solr installation does not require authentication, an unauthenticated attacker who can reach the DIH request handler can run arbitrary commands with the privileges of the Solr process and use that foothold to establish command-and-control communication, install malware, or perform reconnaissance through a reverse shell on the compromised device.
Kill Chain
Risk Score
64
Apache Solr is a Java-based search platform for enterprise software. Solr supports DataImportHandler (DIH), an optional plugin for importing structured data from databases and other sources. DIH allows the entire import configuration to be supplied remotely in a single HTTP request through the dataConfig parameter (the feature the DIH admin screen's debug mode relies on). Because the configuration can embed script, for example through a script transformer, that is evaluated inside the Solr JVM, DIH is vulnerable to remote code execution (RCE).

To exploit this, an attacker sends an HTTP request to the DIH handler (typically /solr/<core>/dataimport) with a malicious dataConfig value either in the URI query string or in the body of a POST request. The embedded script runs on the Solr server with the privileges of the Solr process, not on a separate web server. For example, the script can invoke Java's Runtime.exec to spawn a reverse shell and run commands on the victim.
Mitigation
Upgrade to Solr 8.2.0 or later, where the dataConfig request parameter is disabled by default (it can only be re-enabled deliberately by setting the enable.dih.dataConfigParam system property to true, which should be avoided).
If unable to upgrade, edit solrconfig.xml so that every DataImportHandler requestHandler has an "invariants" section that sets dataConfig to an empty string. Invariants override any value supplied in the request, so a client-supplied dataConfig is ignored and the handler falls back to the configuration file on disk.
Restrict access to the Apache Solr DIH request handler to authorized users only, for example by enabling Solr authentication and authorization and by limiting network access to the Solr port to trusted hosts. Verify the change by confirming that a request carrying a dataConfig parameter no longer alters the import configuration.
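The following added example is not part of the original page or the Solr project. It ties together the attack pattern described above and the solrconfig.xml workaround: the first function flags HTTP requests to a DIH handler that carry a dataConfig parameter (raising severity when the supplied configuration contains script markers), and the second parses a solrconfig.xml fragment and reports DataImportHandler entries that do not pin dataConfig to an empty string in their invariants. The request samples, the script marker list, and the two solrconfig.xml fragments are constructed for this example; the handler path check assumes the default /dataimport name and should be adjusted for renamed handlers.

```python
"""Detection and configuration checks for the Solr DIH dataConfig RCE pattern.

Added example; not code from the original page or from Apache Solr. All
request lines and solrconfig.xml fragments below are constructed samples.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

# Indicators that a supplied dataConfig carries executable script. DIH's
# <script> element and ScriptTransformer evaluate JavaScript in the Solr JVM;
# java.lang.Runtime / ProcessBuilder are how such script spawns processes.
# (Assumed indicator list; tune to your environment.)
SCRIPT_MARKERS = (
    "<script",
    "ScriptTransformer",
    'transformer="script:',
    "java.lang.Runtime",
    "ProcessBuilder",
)

# Default DIH handler name; assumption, adjust for renamed handlers.
DIH_PATH_FRAGMENT = "/dataimport"


def classify_request(method, uri, body=""):
    """Return a finding dict for one HTTP request, or None if it is benign.

    Any request to a DIH handler that supplies dataConfig (query string or
    form body) is reported, because remote replacement of the import
    configuration is the entry point for the attack. Severity is raised to
    high when the configuration also contains script markers. The debug
    flag is recorded as context only; it is not required for a finding.
    """
    parts = urlsplit(uri)
    if DIH_PATH_FRAGMENT not in parts.path:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST" and body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    if "dataConfig" not in params:
        return None
    config = "".join(params["dataConfig"])
    hits = [m for m in SCRIPT_MARKERS if m in config]
    return {
        "path": parts.path,
        "debug": params.get("debug", ["false"])[0].lower() == "true",
        "script_markers": hits,
        "severity": "high" if hits else "medium",
    }


def scan_requests(requests):
    """Run classify_request over (method, uri, body) tuples; return findings."""
    return [f for f in (classify_request(*r) for r in requests) if f]


def dih_handlers_missing_invariant(solrconfig_xml):
    """Return names of DataImportHandler requestHandlers in a solrconfig.xml
    string that do NOT pin dataConfig to an empty string under invariants."""
    root = ET.fromstring(solrconfig_xml)
    missing = []
    for handler in root.iter("requestHandler"):
        if "DataImportHandler" not in handler.get("class", ""):
            continue
        pinned = any(
            s.get("name") == "dataConfig" and (s.text or "") == ""
            for lst in handler.findall("lst")
            if lst.get("name") == "invariants"
            for s in lst.findall("str")
        )
        if not pinned:
            missing.append(handler.get("name"))
    return missing


# Constructed sample traffic: two benign requests and one request that
# replaces the DIH configuration with script referencing java.lang.Runtime.
MALICIOUS_DATACONFIG = (
    '<dataConfig><script><![CDATA[function t(row){'
    'java.lang.Runtime.getRuntime().exec("id");return row;}]]></script>'
    '<document><entity name="e" transformer="script:t" query="SELECT 1"/>'
    "</document></dataConfig>"
)
SAMPLE_REQUESTS = [
    ("GET", "/solr/core1/select?q=*:*", ""),
    ("GET", "/solr/core1/dataimport?command=status", ""),
    ("POST", "/solr/core1/dataimport?command=full-import&debug=true&indent=true",
     urlencode({"dataConfig": MALICIOUS_DATACONFIG})),
]

# Constructed solrconfig.xml fragments: without and with the workaround.
VULNERABLE_CONFIG = """<config>
  <requestHandler name="/dataimport" class="solr.DataImportHandler">
    <lst name="defaults"><str name="config">data-config.xml</str></lst>
  </requestHandler>
</config>"""
HARDENED_CONFIG = """<config>
  <requestHandler name="/dataimport" class="solr.DataImportHandler">
    <lst name="defaults"><str name="config">data-config.xml</str></lst>
    <lst name="invariants"><str name="dataConfig"></str></lst>
  </requestHandler>
</config>"""

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print(finding)
    print("unpinned handlers (vulnerable):", dih_handlers_missing_invariant(VULNERABLE_CONFIG))
    print("unpinned handlers (hardened):", dih_handlers_missing_invariant(HARDENED_CONFIG))
```

Run against real traffic, feed classify_request the decoded request line and body from your proxy or web-server logs; a medium finding on a host whose solrconfig.xml still shows up in dih_handlers_missing_invariant is the combination worth paging on.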