On October 12, 2020, Apache Solr issued
a risk notice on solr file upload vulnerability, the vulnerability number is CVE-2020-13957, vulnerability level is a high risk. Attackers can perform unauthorized operations on the ConfigSet API by combining the two ACTIONs of UPLOAD/CREATE, which can cause the impact of obtaining server permissions.
Solr is an open-source enterprise-search platform, written in Java, from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, real-time indexing, dynamic clustering, database integration, NoSQL features, and rich document handling.
Solr prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that’s uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
- Apache Solr 6.6.0 to 6.6.5
- Apache Solr 7.0.0 to 7.7.3
- Apache Solr 8.0.0 to 8.6.2
In this regard, we recommend that users upgrade Solr to the latest version in time.
Any of the following are enough to prevent this vulnerability:
* Disable UPLOAD command in ConfigSets API if not used by setting the system property: “configset.upload.enabled” to “false”
* Use Authentication/Authorization and make sure unknown requests aren’t allowed
* Upgrade to Solr 8.6.3 or greater.
* If upgrading is not an option, consider applying the patch in SOLR-14663
* No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access
The post CVE-2020-13957: Apache Solr ConfigSet Remote Code Execution Vulnerability Alert appeared first on InfoTech News.