漏洞描述
【漏洞对象】Apache Solr 【涉及版本】Apache Solr 5.x - 8.2.0,存在config API版本 【漏洞描述】Solr中存在VelocityResponseWriter组件,攻击者可以构造特定请求修改相关配置,使VelocityResponseWriter组件允许加载指定模板,进而导致Velocity模版注入远程命令执行漏洞,攻击者利用该漏洞可以直接获取到服务器权限。
Apache-Solr模板注入远程代码执行漏洞(CVE-2019-0193)
PoC代码
暂无相关漏洞推荐
- CVE-2019-17558: Apache Solr Velocity Template RCE
- solr-file-read: Apache Solr <= 8.8.1 Arbitrary File Read
- Apache Solr /solr/admin/cores XML 外部实体注入漏洞(CVE-2017-12629)
- POC CVE-2017-12629: Apache Solr <= 7.1 - XML Entity Injection
- POC CVE-2019-0192: Apache Solr - Deserialization of Untrusted Data
- POC CVE-2019-0193: Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
- POC CVE-2019-17558: Apache Solr <=8.3.1 - Remote Code Execution
- POC CVE-2021-27905: Apache Solr <=8.8.1 - Server-Side Request Forgery
- POC CVE-2023-50290: Apache Solr - Host Environment Variables Leak via Metrics API
- POC CVE-2024-45216: Apache Solr - Authentication Bypass
- POC CVE-2017-12629: Apache Solr <= 7.1 XML entity injection
- POC CVE-2019-0193: Apache Solr Remote Code Execution
- POC CVE-2021-27905: Apache Solr <= 8.8.1 SSRF