1. Home
  2. Vulnerabilities
  3. CVE-2019-0192

CVE-2019-0192

CVSS v3.0 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 94.75 % (99th)
94.75% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Weaknesses
CWE-502
Deserialization of Untrusted Data
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2019-03-07 21:29:00
(5 years ago)
Updated Date
2023-11-07 03:01:47
(10 months ago)

Affected Products

Apache

Netapp

Configuration #1

    CPE23 From Up To
  Apache Solr from 5.0.0 version and 5.5.5 and prior versions cpe:2.3:a:apache:solr >= 5.0.0 <= 5.5.5
  Apache Solr from 6.0.0 version and 6.6.5 and prior versions cpe:2.3:a:apache:solr >= 6.0.0 <= 6.6.5

Configuration #2

    CPE23 From Up To
  Netapp Storage Automation Store cpe:2.3:a:netapp:storage_automation_store:-