A bug impacting the Linux enterprise-search platform called Apache Solr has been revised from low to high severity after researchers discovered a new remote code execution exploit. The warning comes from Tenable, which is reporting that the newly identified default configuration vulnerability could allow attackers to remotely execute code on affected hardware. The vulnerability (CVE-2019-12409) was first reported in July and patched in August.

“Originally, the issue surfaced as being a low severity warning where anyone with access to the Java Management Extensions (JMX) port would be able to access monitoring data exposed over JMX,” said Scott Caveza, research engineering manager at Tenable.

Since the bug was initially discovered, researchers have reevaluated the threat and escalated its severity to high-risk. “It appears a researcher reported that remote code execution was achievable and the vendor revised the bug report to reflect this and add the CVE,” Caveza told Threatpost. “The original notice about the low severity issue was on August 14, but the JIRA issue with the bug report (originally filed in July) was amended and updated.”

Public disclosure and a security bulletin for the more serious RCE exploit were issued Tuesday. That flaw is tied to a configuration issue in the solr.in.sh file in Apache Solr. “An unauthenticated attacker with the ability to reach the RMI port could leverage the vulnerability to upload malicious code to the server and then install a shell to…
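An added example, not from the article or from the Solr project: a shell check a defender could run against a solr.in.sh file to see whether remote JMX is switched on. It assumes the setting behind the configuration issue is ENABLE_REMOTE_JMX_OPTS and that the start script enables remote JMX only when its value is "true"; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit solr.in.sh for the remote-JMX setting tied to CVE-2019-12409.
# Assumption: the start script enables remote JMX only when the value is "true".

# Print the effective ENABLE_REMOTE_JMX_OPTS value in file $1: the last
# uncommented assignment wins, quotes are stripped, "unset" if there is none.
jmx_setting() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*(export[ \t]+)?ENABLE_REMOTE_JMX_OPTS=/ {
            v = $0
            sub(/^[^=]*=/, "", v)        # drop the variable name
            sub(/[ \t]*#.*$/, "", v)     # drop a trailing comment
            gsub(/["'\'' \t]/, "", v)    # drop quotes and blanks
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Return 0 if remote JMX is off in file $1, 1 if it is on.
audit_solr_jmx() {
    value=$(jmx_setting "$1")
    if [ "$value" = "true" ]; then
        echo "FAIL $1: ENABLE_REMOTE_JMX_OPTS=true, set it to \"false\" and restart Solr"
        return 1
    fi
    echo "PASS $1: ENABLE_REMOTE_JMX_OPTS=$value"
}

# Constructed sample files (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak.in.sh" <<'EOF'
# ENABLE_REMOTE_JMX_OPTS="false"
SOLR_HEAP="512m"
ENABLE_REMOTE_JMX_OPTS="true"   # constructed: remote JMX left on
EOF
cat > "$SAMPLE_DIR/fixed.in.sh" <<'EOF'
ENABLE_REMOTE_JMX_OPTS="true"
ENABLE_REMOTE_JMX_OPTS="false"
EOF

audit_solr_jmx "$SAMPLE_DIR/weak.in.sh" || true
audit_solr_jmx "$SAMPLE_DIR/fixed.in.sh"
```

A commented-out "false" line does not count as a fix, which is why the check skips comment lines and takes the last live assignment.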