Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Exploit code published for dangerous Apache Solr remote code execution flaw

November 26, 2019
in Internet Security
Exploit code published for dangerous Apache Solr remote code execution flaw
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought.

Apache Solr is a Java-based open-source search engine, initially developed to add search functionality to the CNET website.

You might also like

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

Google Project Zero testing 30-day grace period on bug details to boost user patching

Cyberattack on UK university knocks out online learning, Teams and Zoom

The project was donated to the Apache Software Foundation in 2006, from where it gained worldwide usage due to its speed and expanded feature-set.

Issue reported months ago

Over the summer, a user named “jnyryan” reported to the Solr project that the default solr.in.sh configuration file that is included with all new Solr instances contained an insecure option.

The default config shipped with the ENABLE_REMOTE_JMX_OPTS option set to enabled, which, in turn, exposed port 8983 to remote connections.

At the time it was reported, the Apache Solr team didn’t see the issue as a big deal, and developers thought an attacker could only access (useless) Solr monitoring data, and nothing else.

Things turned out to be much worse when, on October 30, a user published proof-of-concept code on GitHub showing how an attacker could abuse the very same issue for “remote code execution” (RCE) attacks. The proof-of-concept code used the exposed 8983 port to enable support for Apache Velocity templates on the Solr server and then used this second feature to upload and run malicious code.

A second, more refined proof-of-concept code was published online two days later, making attacks even easier to execute.

It was only after the publication of this code that the Solr team realized how dangerous this bug really was. On November 15, they issued an updated security advisory. In its updated alert, the Solr team recommended that Solr admins set the ENABLE_REMOTE_JMX_OPTS option in the solr.in.sh config file to “false” on every Solr node and then restart Solr.

They also recommend that users keep Solr servers behind firewalls, as these systems were never designed to sit exposed on the internet, but only part of closed and tightly monitored internal networks.

The Solr team said that only Solr versions running on Linux are impacted.

However, there is still some mystery about what versions are impacted. In its security advisory, the Solr team said that only v8.1.1 and v8.2.0 are vulnerable, but, in a blog post last week, the Tenable research team said that the impact is much greater, with the vulnerability affecting all Solr versions from v7.7.2 to v8.3, the latest version.

No attacks detected, but are expected

The good news is that at the time of writing, no attacks have been detected in the wild. However, this is only a matter of time.

Apache Solr instances usually have access to large computational resources and, historically, have been highly sought after targets by malware gangs.

For example, CVE-2017-12629 and CVE-2019-0193 were targeted by hackers within weeks after details and exploit code became public. In both instances, attackers used the two vulnerabilities to gain access to Solr servers and plant cryptocurrency-mining malware on unpatched servers.

Because we already know this new Solr bug can lead to remote code execution and we have readily-available public exploit code, experts expect this security flaw to come under active attacks within days or weeks.

This new Solr bug is tracked as CVE-2019-12409.

Credit: Zdnet

Previous Post

Orchestrating Dynamic Reports in Python and R with Rmd Files

Next Post

How Conversational AI creates new business cases

Related Posts

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
Cyberattack on UK university knocks out online learning, Teams and Zoom
Internet Security

Cyberattack on UK university knocks out online learning, Teams and Zoom

April 17, 2021
Google backs new security standard for smartphone VPN apps
Internet Security

Google backs new security standard for smartphone VPN apps

April 16, 2021
Mozilla to start disabling FTP next week with removal set for Firefox 90
Internet Security

Mozilla to start disabling FTP next week with removal set for Firefox 90

April 16, 2021
Next Post
How Conversational AI creates new business cases

How Conversational AI creates new business cases

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Machine learning can be your best bet to transform your career
Machine Learning

Machine learning can be your best bet to transform your career

April 17, 2021
AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021
Neural Networks

AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021

April 17, 2021
Monitor Your SEO Placement with SEObase
Learn to Code

Monitor Your SEO Placement with SEObase

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
Teslafan, a Blockchain-Powered Machine Learning Technology Project, Receives Investment Prior to the ICO
Machine Learning

Teslafan, a Blockchain-Powered Machine Learning Technology Project, Receives Investment Prior to the ICO

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack April 17, 2021
  • Machine learning can be your best bet to transform your career April 17, 2021
  • AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021 April 17, 2021
  • Monitor Your SEO Placement with SEObase April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates