Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability is well known and public exploit code is available. An unauthenticated attacker can conduct malicious activity such as command-and-control communication, exfiltration, discovery, or reconnaissance through a reverse shell on a compromised device.
Kill Chain
Risk Score
70
Apache Solr is a Java-based search platform for enterprise software. Solr supports VelocityResponseWriter, an optional plugin that enables core search features through a Java-based template engine. Apache Solr has a vulnerability in VelocityResponseWriter that allows an attacker to change a configuration value that enables RCE. Specifically, the attacker can define a response writer by setting the params.resource.loader.enabled value to true. (A response writer is an instance of VelocityResponseWriter that processes Solr requests with Velocity templates.) After the configuration is changed, the attacker performs RCE by sending a specially designed HTTP request to the Apache Solr server. The request includes a malicious custom template provided in either a query parameter or a payload in the HTTP request body. The custom template will run on arbitrary commands on the server. For example, an attacker can incorporate shellcode into the custom template to create a reverse shell and run commands on the victim.
Install relevant patch for affected versions
Disable Config API by restarting Solr with the parameter, -Disable.configEdit=false
If unable to disable Config API, restrict access to Apache Solr Config API to authorized users only
