Your submission was sent successfully! Close

CVE-2019-0192

Published: 7 March 2019

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
lucene-solr
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)