{"containers": {"cna": {"affected": [{"product": "Solr", "vendor": "Apache", "versions": [{"status": "affected", "version": "8.1.1 and 8.2.0 for Linux"}]}], "descriptions": [{"lang": "en", "value": "The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-21T13:51:51", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20191118 [jira] [Commented] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20191118 [jira] [Updated] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-general] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E"}, {"name": "[announce] 20191118 [CVE-2019-12409] Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-12409", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Solr", "version": {"version_data": [{"version_value": "8.1.1 and 8.2.0 for Linux"}]}}]}, "vendor_name": "Apache"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20191118 [jira] [Commented] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20191118 [jira] [Updated] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-general] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E"}, {"name": "[announce] 20191118 [CVE-2019-12409] Apache Solr RCE vulnerability due to bad config default", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E"}, {"name": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS"}, {"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr", "refsource": "MISC", "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:17:39.994Z"}, "title": "CVE Program Container", "references": [{"name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20191118 [jira] [Commented] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-issues] 20191118 [jira] [Updated] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E"}, {"name": "[lucene-general] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E"}, {"name": "[announce] 20191118 [CVE-2019-12409] Apache Solr RCE vulnerability due to bad config default", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-12409", "datePublished": "2019-11-18T20:50:59", "dateReserved": "2019-05-28T00:00:00", "dateUpdated": "2024-08-04T23:17:39.994Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:solr:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "30628640-AADA-47CC-998E-3691996C100E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:solr:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E529945-7479-4C81-AA5A-71F16A7C13BB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server."}, {"lang": "es", "value": "Apache Solr versiones 8.1.1 y 8.2.0, contiene una configuraci\u00f3n no segura para la opci\u00f3n de configuraci\u00f3n ENABLE_REMOTE_JMX_OPTS en el archivo de configuraci\u00f3n predeterminado solr.in.sh enviado con Solr. Si utiliza el archivo predeterminado solr.in.sh de las versiones afectadas, entonces la supervisi\u00f3n JMX ser\u00e1 habilitada y expuesta en RMI_PORT (default=18983), sin ninguna autenticaci\u00f3n. Si este puerto est\u00e1 abierto para el tr\u00e1fico dentro del l\u00edmite en su firewall, cualquier persona con acceso de red para sus nodos de Solr podr\u00e1 acceder a JMX, lo que a su vez les permitir\u00e1 cargar c\u00f3digo malicioso para su ejecuci\u00f3n sobre el servidor de Solr."}], "id": "CVE-2019-12409", "lastModified": "2023-11-07T03:03:33.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-18T21:15:11.857", "references": [{"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2%40%3Cannounce.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d%40%3Csolr-user.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be%40%3Cgeneral.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541%40%3Cissues.lucene.apache.org%3E"}, {"source": "security@apache.org", "url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "solr: JMX monitoring service exposed without authentication in default configuration", "id": "1774734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774734"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-306", "details": ["The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.", "A flaw was discovered in Apache Solr, where it contains an insecure setting in the default configuration that exposes unauthenticated access to the JMX monitoring service. This flaw allows an attacker to upload malicious code for execution on the Solr server."], "mitigation": {"lang": "en:us", "value": "Per Solr guidance: \"Make sure your effective solr.in.sh file has ENABLE_REMOTE_JMX_OPTS set to 'false' on every Solr node and then restart Solr. Note that the effective solr.in.sh file may reside in /etc/defaults/ or another location depending on the install. You can then validate that the 'com.sun.management.jmxremote*' family of properties are not listed in the \"Java Properties\" section of the Solr Admin UI, or configured in a secure way. There is no need to upgrade or update any code.\""}, "name": "CVE-2019-12409", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "solr-core", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "solr-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "solr-core", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2019-11-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-12409\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12409\nhttps://lucene.apache.org/solr/news.html#18-november-2019-cve-2019-12409-apache-solr-rce-vulnerability-due-to-bad-config-default"], "threat_severity": "Important"}