CVE-2019-0192
CVSS v3.0
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
94.75 % (99th)
Affected Products
2
Advisories
1
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
Weaknesses
- CWE-502
- Deserialization of Untrusted Data
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2019-03-07 21:29:00
(5 years ago) - Updated Date
-
2023-11-07 03:01:47
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...