SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt
This event is generated when remote code execution is attempted by setting jmx.serviceUrl to malicious url over HTTP POST Impact: Attempted Administrator Privilege Gain Details: In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2019-0192 |
Loading description
|