An Apache Solr configuration issue reported in July is turning into a higher-severity issue than originally thought. Solr is an enterprise search platform that powers the search feature of many of the world’s largest websites. After a user named “jnyryan” reported the issue to Apache, the Apache Solr team categorized it as low priority because it was assumed that the only data exposed would be Solr monitoring data, which is not sensitive. CVE-2019-12409 is a vulnerability caused by a default configuration option exposing Apache Solr to any remote connection over port 18983. At least two proof-of-concept remote code execution scripts have been published to GitHub since the original vulnerability was disclosed, causing Apache to realize just how serious the issue actually was. On November 18th Apache updated its security advisory with a high severity rating.
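One way to audit a Solr host for the default setting described above, as an added example that is not part of the original article or of the Solr project. It checks the option the Apache advisory names, `ENABLE_REMOTE_JMX_OPTS` in `solr.in.sh`; the sample file contents are constructed, and the rule that an unset `RMI_PORT` falls back to `SOLR_PORT` + 10000 is an assumption about the start script.

```python
import re
import sys

# Constructed samples modelled on the relevant lines of solr.in.sh (not copied from a release).
SAMPLE_EXPOSED = '''\
#SOLR_PORT=8983
# Activate the JMX RMI connector for remote monitoring
ENABLE_REMOTE_JMX_OPTS="true"
#RMI_PORT=18983
'''
SAMPLE_HARDENED = '''\
ENABLE_REMOTE_JMX_OPTS="true"
ENABLE_REMOTE_JMX_OPTS="false"   # overridden later in the file
RMI_PORT=18983
'''

_ASSIGN = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$')

def parse_assignments(text):
    """Return the last uncommented NAME=value for each variable, as the shell would see it."""
    env = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not an assignment
        name, raw = m.group(1), m.group(2).strip()
        if raw[:1] in ('"', "'"):
            end = raw.find(raw[0], 1)          # closing quote, if present
            value = raw[1:end] if end != -1 else raw[1:]
        else:
            value = raw.split('#', 1)[0].strip()  # drop a trailing comment
        env[name] = value
    return env

def audit_solr_in_sh(text):
    """Report whether remote JMX is on and which port it would listen on."""
    env = parse_assignments(text)
    enabled = env.get("ENABLE_REMOTE_JMX_OPTS", "").lower() == "true"
    # Assumption: with no explicit RMI_PORT the start script uses SOLR_PORT + 10000.
    solr_port = int(env.get("SOLR_PORT") or 8983)
    rmi_port = int(env.get("RMI_PORT") or solr_port + 10000)
    return {"remote_jmx": enabled, "rmi_port": rmi_port if enabled else None}

if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPOSED
    print(audit_solr_in_sh(source))
```

A result with `remote_jmx` set to true means the reported port should be closed to untrusted networks or the option set to `"false"`.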