Strike ID:
E19-0quo1
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
t
Variants:
5
Year:
2019

Description

This strike exploits an insecure deserialization vulnerability in Apache Solr. The vulnerability is due to insufficient sanitization of requests made to the Config API. This vulnerability can be exploited by sending a specially crafted HTTP request to the Config API. Successful exploitation could lead to remote code execution withing the context of the server.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}