Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-12409 PoC — Apache Solr 代码问题漏洞

Source
https://github.com/mbadanoiu/CVE-2019-12409
Associated Vulnerability
Title:Apache Solr 代码问题漏洞 (CVE-2019-12409)
Description:The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
Description
CVE-2019-12409: RCE Vulnerability Due to Bad Defalut Config in Apache Solr
Readme
# CVE-2019-12409: RCE Vulnerability Due to Bad Defalut Config in Apache Solr

The 8.1.1 and 8.2.0 releases of Apache Solr contains insecure setting in the default solr.in.sh configuration file shipping with Solr.
The setting that result in this vulnerability are:

In "solr.in.sh":
- ENABLE_REMOTE_JMX_OPTS="true" (Enables the JMX Service)

In "solr.cmd":
- -Dcom.sun.management.jmxremote.local.only=false (Allows Remote Access to JMX)
- -Dcom.sun.management.jmxremote.authenticate=false (Does not Require Valid Credentials)

**Note**: Windows users are not affected.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://issues.apache.org/jira/browse/SOLR-13647).

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2019-12409/blob/main/Solr%20-%20CVE-2019-12409.pdf).

### Additional Information:

[PoC for exploiting CVE-2019-12409 using mjet](https://github.com/jas502n/CVE-2019-12409)

Another alternative tool for exploiting CVE-2019-12409 is [beanshooter](https://github.com/qtc-de/beanshooter).
File Snapshot

 [4.0K]  /data/pocs/c6c08c596c05e7f87941805d64d5287d9322a82b
├── [1.1K]  README.md
└── [1.6M]  Solr - CVE-2019-12409.pdf

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →