漏洞描述
该漏洞来源于VelocityResponseWriter,由于用户自定义的 configset可能包含可呈现的、潜在恶意的模板,默认情况下,官方提供的参数模板是禁用的,然而攻击者可以通过定义一个将该配置设置为 "true" 的响应写入器来启用"parms.resource.loader. loader",从而达到远程代码执行的目的。
Apache Solr 远程命令执行漏洞(CVE-2019-17558)
PoC代码
暂无相关漏洞推荐
- CVE-2019-17558: Apache Solr Velocity Template RCE
- solr-file-read: Apache Solr <= 8.8.1 Arbitrary File Read
- Apache Solr /solr/admin/cores XML 外部实体注入漏洞(CVE-2017-12629)
- POC CVE-2017-12629: Apache Solr <= 7.1 - XML Entity Injection
- POC CVE-2019-0192: Apache Solr - Deserialization of Untrusted Data
- POC CVE-2019-0193: Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
- POC CVE-2019-17558: Apache Solr <=8.3.1 - Remote Code Execution
- POC CVE-2021-27905: Apache Solr <=8.8.1 - Server-Side Request Forgery
- POC CVE-2023-50290: Apache Solr - Host Environment Variables Leak via Metrics API
- POC CVE-2024-45216: Apache Solr - Authentication Bypass
- POC CVE-2017-12629: Apache Solr <= 7.1 XML entity injection
- POC CVE-2019-0193: Apache Solr Remote Code Execution
- POC CVE-2021-27905: Apache Solr <= 8.8.1 SSRF