Critical severityNVD Advisory· Published Mar 7, 2019· Updated Sep 16, 2024
CVE-2019-0192
CVE-2019-0192
Description
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.solr:solr-coreMaven | >= 5.0.0, < 7.0.0 | 7.0.0 |
org.apache.solr:solr-coreMaven | >= 6.0.0, < 7.0.0 | 7.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
25- access.redhat.com/errata/RHSA-2019:2413ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-xhcq-fv7x-grr2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-0192ghsaADVISORY
- mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3Eghsamailing-listx_refsource_MLISTWEB
- www.securityfocus.com/bid/107318ghsavdb-entryx_refsource_BIDWEB
- lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892%40%3Cdev.lucene.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3EghsaWEB
- lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d%40%3Cdev.lucene.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a%40%3Cdev.lucene.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3EghsaWEB
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3EghsaWEB
- lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7%40%3Cdev.lucene.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3EghsaWEB
- lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d%40%3Cdev.lucene.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20190327-0003ghsaWEB
- security.netapp.com/advisory/ntap-20190327-0003/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuoct2020.htmlghsax_refsource_MISCWEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.