CVE-2019-12409: Default Configuration in Apache Solr Could Lead to Remote Code Execution
Linux servers using Apache Solr versions 8.1.1 and 8.2.0 with default configurations are potentially vulnerable to remote code execution.
背景
On July 22, 2019, a configuration flaw in versions 8.1.1 and 8.2.0 was found in Apache Solr, the open-source search-engine platform. John Ryan originally reported the issue and credit was also given to Matei “Mal” Badanoiu for noting the flaw could lead to remote code execution (RCE).
分析
CVE-2019-12409 is a flaw in the default configuration of the solr.in.sh file in Apache Solr. If this file is used in its default configuration in versions 8.1.1 and 8.2.0, unauthenticated access to the Java Management Extensions (JMX) monitoring on the RMI_PORT (default 18983) is allowed. Anyone with access to a vulnerable Solr server, and, in turn, JMX, could upload malicious code that could then be executed.
概念验证
There is currently a proof of concept (PoC) available in a GitHub repository implementing the MJET script by MOGWAI LABS to create a reverse shell on a system with the vulnerable configuration.
CVE-2019-12409 Apache Solr RCE pic.twitter.com/NFClK5M5od
— Jas502n (@jas502n) November 19, 2019
解决方案
On November 18, Apache Solr revised the originally reported bug report after it was found that the flaw could lead to RCE. In addition, the Changelog highlighted this flaw as one of the fixes in Apache Solr version 8.3.
Per the security advisory, this vulnerability can also be remediated by setting the ENABLE_REMOTE_JMX_OPTS parameter to ’false’ in the solr.in.sh file. The change can be confirmed by ensuring the com.sun.management.jmxremote* properties are not listed in the Solr Admin interface under the Java Properties section.
识别受影响的系统
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
获取更多信息
- Solr Security Advisory
- Attacking RMI Based JMX Services
- Solr Bug Tracker for CVE-2019-12409
- GitHub Repository with PoC for CVE-2019-12409
加入 Tenable Community 中的 Tenable 安全响应团队
了解有关 Tenable 这款首创 Cyber Exposure 平台的更多信息,全面管理现代攻击面。
Get a free 60-day trial of Tenable.io Vulnerability Management.
Rody Quinlan
Staff Research Engineer, Security Response
Rody Quinlan previously worked at Tenable and in mid 2024 returned as a member of the Security Response Team (SRT). Prior to this he led the Security Operations team at Fenergo, a fintech unicorn, for a number of years delivering a number of functions including incident response, threat intelligence and vulnerability management. He has also worked previously as a Senior Threat & Vulnerability Management Analyst for one of Ireland's pillar banking institutions as well as a security supervisory role in a leading cloud providers data centers for a number of years. He holds and maintains a number of certifications too long to list here but can be found on his LinkedIn and Credly profiles, is an avid learner and usually has at least one course on the go at any given time.
工作外兴趣:Whether he’s holding a recurve or compound bow, Rody enjoys some downtime from screens on the archery range. He also enjoys building props from his favorite films and TV series and is an avid fan of Sir Terry Pratchett's works.
相关文章
Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)
Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed....
From Vulnerability to Visibility: What the SharePoint Attacks Reveal About the Need for Proactive Cybersecurity
The recent exploitation of Microsoft SharePoint vulnerabilities highlights a critical gap in traditional, reactive cybersecurity strategies. Learn how a proactive exposure management approach empowers federal agencies to reduce risk, streamline operations and stay secure....
CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments....
- Vulnerability Management