CVE-2019-0192
Description
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows the JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Solr Config API allows an attacker to configure a malicious JMX server via an HTTP POST request, leading to remote code execution through unsafe deserialization.
Vulnerability
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows configuration of a JMX server via an HTTP POST request [1][3]. When the handler processes a request to set the jmx.serviceUrl property, it performs unsafe deserialization of objects from the specified RMI server. This affects the solr-core Maven package [3].
Exploitation
An attacker sends a crafted HTTP POST request to the Config API endpoint, pointing the jmx.serviceUrl to a malicious RMI server [1][3]. No authentication is required to reach this API. The Solr server then contacts the attacker-controlled RMI server and deserializes arbitrary Java objects supplied by the attacker, allowing code execution without user interaction.
Impact
Successful exploitation results in remote code execution (RCE) in the context of the Solr server process [1][2]. The attacker gains full control over the Solr instance and potentially the underlying host, compromising confidentiality, integrity, and availability of Solr-managed data and the system.
Mitigation
Fixed in Apache Solr version 7.0.0 for all affected branches [1][3]. Red Hat Fuse 7.4.0 includes the fix for Red Hat customers [2]. No workaround is available; users must upgrade to Solr 7.0.0 or later. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.solr:solr-core (Maven) | >= 5.0.0, < 7.0.0 | 7.0.0 |
| org.apache.solr:solr-core (Maven) | >= 6.0.0, < 7.0.0 | 7.0.0 |
Affected products
- Apache Software Foundation/Apache Solr (v5). Range: Apache Solr 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2019:2413 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-xhcq-fv7x-grr2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-0192 (ghsa, ADVISORY)
- mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E (ghsa, mailing-list, x_refsource_MLIST, WEB)
- www.securityfocus.com/bid/107318 (ghsa, vdb-entry, x_refsource_BID, WEB)
- lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892%40%3Cdev.lucene.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892@%3Cdev.lucene.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d%40%3Cdev.lucene.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d@%3Cdev.lucene.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a%40%3Cdev.lucene.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/b0ace855f569c6b7a0b03ba68566e53b1a1a519abd536bf38978ce4a@%3Cdev.lucene.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7%40%3Cdev.lucene.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/d0e608c681dfbb16b4da68d99d43fa0ddbd366bb3bcf5bc0d43c56d7@%3Cdev.lucene.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d%40%3Cdev.lucene.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/ec9c572fb803b26ba0318777977ee6d6a2fb3a2c50d9b4224e541d5d@%3Cdev.lucene.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8%40%3Ccommits.submarine.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/rc400db37710ee79378b6c52de3640493ff538c2beb41cefdbbdf2ab8@%3Ccommits.submarine.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E (ghsa, WEB)
- security.netapp.com/advisory/ntap-20190327-0003 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20190327-0003/ (mitre, x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpuoct2020.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (ghsa, x_refsource_MISC, WEB)