CVE-2019-12409

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-12409
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12409.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12409
Published
2019-11-18T21:15:11Z
Modified
2024-09-03T02:25:30.610252Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
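
A file-level check for the setting described above, as an added example that is not part of the advisory or of Solr's own tooling: it reads a solr.in.sh-style file and reports whether remote JMX is enabled and on which port. It assumes that only the literal value true enables the option and falls back to the default port stated in the advisory; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a solr.in.sh-style file for the remote JMX setting.
# Limitation: only plain NAME=value lines in the file are read; values
# injected through the process environment are not seen.

# Print the value of the last uncommented assignment to NAME ($1) in FILE ($2).
last_assignment() {
    sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$1=//p" "$2" |
        tail -n 1 |
        sed 's/[[:space:]]*#.*$//' |   # drop a trailing comment
        tr -d "\"' \t"                 # drop quotes and stray whitespace
}

# Print "exposed:<port>" when remote JMX is enabled in FILE, else "disabled".
audit_solr_jmx() {
    file=$1
    enabled=$(last_assignment ENABLE_REMOTE_JMX_OPTS "$file")
    port=$(last_assignment RMI_PORT "$file")
    # The advisory gives 18983 as the default RMI_PORT.
    [ -n "$port" ] || port=18983
    # Assumption: only the literal value "true" turns the option on.
    if [ "$enabled" = "true" ]; then
        echo "exposed:$port"
    else
        echo "disabled"
    fi
}

# Constructed sample input, not taken from a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ENABLE_REMOTE_JMX_OPTS="true"
#RMI_PORT=18983
EOF
audit_solr_jmx "$sample"
rm -f "$sample"
```

A result of `exposed:<port>` means the node should be checked for inbound firewall rules on that port; setting the option to "false" in solr.in.sh and restarting Solr makes the check report `disabled`.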

Affected packages

Git / github.com/apache/lucene-solr

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucene-solr
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

releases/lucene-solr/8.*

releases/lucene-solr/8.1.0
releases/lucene-solr/8.1.1
releases/lucene-solr/8.2.0