Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
1.1 Vulnerability Summary
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that is uploaded via the ConfigSets API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions: a ConfigSet uploaded without credentials is restricted, but a ConfigSet derived from it with CREATE is not subject to the same restriction. The issue is tracked as CVE-2020-13957 and is fixed in Solr 8.6.3.
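The following is a simplified model of the failure mode described above, added here as an illustration; it is not Solr's code. It assumes the protection is a per-ConfigSet "trusted" mark set at UPLOAD time and consulted when a collection loads the ConfigSet, and that the bypass is a CREATE action that derives a new ConfigSet from an untrusted one without carrying that mark across. The directive marker, the ConfigSet names and the file contents are hypothetical stand-ins chosen for the example.

```python
"""Simplified model of a ConfigSet trust check and its bypass via CREATE.

Illustration added to this analysis; not Solr's code. Assumptions: the check
is a per-ConfigSet "trusted" mark set at UPLOAD and consulted at load time,
and the vulnerable CREATE copies files but not the mark.
"""

# Hypothetical marker standing in for a feature the check is meant to block.
DANGEROUS_MARKER = "<lib "


class ConfigSetStore:
    """In-memory stand-in for the ConfigSet store behind the ConfigSets API."""

    def __init__(self, create_inherits_trust):
        # True models the hardened behaviour, False the vulnerable one.
        self.create_inherits_trust = create_inherits_trust
        self.sets = {}  # name -> {"files": {path: text}, "trusted": bool}

    def upload(self, name, files, authenticated):
        # UPLOAD: a ConfigSet uploaded without authentication is untrusted.
        self.sets[name] = {"files": dict(files), "trusted": authenticated}

    def create(self, name, base):
        # CREATE: copy the files of a base ConfigSet into a new one.
        src = self.sets[base]
        # Vulnerable variant: the new ConfigSet is trusted regardless of base.
        trusted = src["trusted"] if self.create_inherits_trust else True
        self.sets[name] = {"files": dict(src["files"]), "trusted": trusted}

    def dangerous_features_enabled(self, name):
        # Collection load: the dangerous directive only takes effect when the
        # ConfigSet is trusted; for an untrusted one it is refused.
        cs = self.sets[name]
        wants_dangerous = any(DANGEROUS_MARKER in text for text in cs["files"].values())
        return wants_dangerous and cs["trusted"]


def upload_then_create(create_inherits_trust):
    """Run the UPLOAD/CREATE combination unauthenticated and report whether
    the dangerous directive ends up active in the uploaded and the derived
    ConfigSet."""
    store = ConfigSetStore(create_inherits_trust)
    # Constructed sample solrconfig fragment carrying the blocked directive.
    files = {"solrconfig.xml": '<config>\n  <lib dir="/tmp/evil" />\n</config>'}
    store.upload("attacker_cfg", files, authenticated=False)
    store.create("derived_cfg", base="attacker_cfg")
    return {
        "direct": store.dangerous_features_enabled("attacker_cfg"),
        "derived": store.dangerous_features_enabled("derived_cfg"),
    }


if __name__ == "__main__":
    print("vulnerable:", upload_then_create(create_inherits_trust=False))
    print("hardened: ", upload_then_create(create_inherits_trust=True))
```

In the vulnerable configuration the directly uploaded ConfigSet is refused but the derived one is accepted; with trust inherited on CREATE both are refused. The general lesson is that any object derived from a restricted one must inherit its restriction.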
1.2 CVSS Score
The CVSS Base Score is 9.8 (Critical)
1.3 Affected Version
Apache Solr versions 6.6.0 to 6.6.6
Apache Solr versions 7.0.0 to 7.7.3
Apache Solr versions 8.0.0 to 8.6.2
The earliest vulnerable version, Solr 6.6.0, was released on 06/06/2017; by the time of public disclosure in October 2020 the exposure window was therefore over three years. Only the 8.x line received a fix (8.6.3); the 6.6.x and 7.x releases listed above remain unpatched. The ConfigSets API exists only in SolrCloud mode, so standalone deployments are not exposed.
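The check below is added here as a worked example and is not part of the original analysis. It reads the JSON returned by Solr's system info handler (`/solr/admin/info/system?wt=json`), takes the version from `lucene.solr-spec-version` and the deployment mode from `mode`, and compares the version against the three ranges listed above. The sample document in the block is constructed, not captured from a live host, and the assumption that `mode` reads `solrcloud` for a cloud deployment comes from the handler's behaviour as I know it, not from this page.

```python
"""Check a Solr instance's reported version against the affected ranges.

Added as a worked example; not part of the original analysis. Reads the
system info JSON from stdin (or uses the constructed sample when run
interactively) and reports whether the build falls in an affected range.
"""
import json
import re
import sys

# Affected ranges from section 1.3, inclusive at both ends.
AFFECTED_RANGES = (
    ((6, 6, 0), (6, 6, 6)),
    ((7, 0, 0), (7, 7, 3)),
    ((8, 0, 0), (8, 6, 2)),
)


def parse_version(spec):
    """Turn '8.6.2' (or '8.6.2-SNAPSHOT') into a comparable tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", spec)
    if not m:
        raise ValueError(f"unrecognised Solr version string: {spec!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(spec):
    """True when the version lies inside one of the listed ranges."""
    version = parse_version(spec)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def assess(system_info_json):
    """Return version, mode, whether the build is in an affected range, and
    whether the instance is actually exposed (the ConfigSets API is a
    SolrCloud feature, so a standalone build is flagged but not exposed)."""
    info = json.loads(system_info_json)
    spec = info["lucene"]["solr-spec-version"]
    mode = info.get("mode", "unknown")  # assumed values: "solrcloud" or "std"
    affected = is_affected(spec)
    return {
        "version": spec,
        "mode": mode,
        "affected_build": affected,
        "exposed": affected and mode == "solrcloud",
    }


# Constructed sample in the shape of the system info response.
SAMPLE_SYSTEM_INFO = json.dumps({
    "mode": "solrcloud",
    "lucene": {"solr-spec-version": "8.6.2", "lucene-spec-version": "8.6.2"},
})


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SYSTEM_INFO
    print(json.dumps(assess(data), indent=2))
```

Against a live host: `curl -s 'http://localhost:8983/solr/admin/info/system?wt=json' | python3 solr_version_check.py` (script name chosen for the example). An instance that reports an affected build but `mode` of `std` is worth patching anyway, since switching it to SolrCloud later would expose it.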
1.4 Vulnerability Attribution
This issue was reported publicly via the Apache Tomcat Users mailing list.
1.5 Risk Impact
Apache Solr is an open-source enterprise-search platform, written in Java, from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, real-time indexing, dynamic clustering, database integration, NoSQL features, and rich document handling.
Publicly disclosed exploit code is available. Based on a 2010 market-share figure, Apache Solr has a 31% share of its segment. Many companies run Apache Solr as part of their application stack for fast search, and a vulnerability of this kind, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or denial of service (DoS). Because the features the bypassed checks are meant to block can be used for remote code execution, a successful attack can also mean full compromise of the Solr host. The result can be loss of intellectual property or millions of dollars of lost business while a website is down.
1.6 Virsec Security Platform (VSP) Support
The Virsec Security Platform (VSP)-Host monitors spawned processes against a set of whitelisted processes. Any attempt to execute a new command or an unknown binary would be denied by VSP-Host's Process Monitoring capability.
VSP-Host's FSM capability would also detect an attempt to place a web shell on disk.
Both controls act after the malicious ConfigSet has already been accepted; the exposure itself is removed by upgrading to Solr 8.6.3 or later, or by requiring authentication/authorization on the ConfigSets API.