Exploit code published for two dangerous Apache Solr remote code execution flaws
Proof of concept exploit code was published online this month for two Apache Solr vulnerabilities, signaling that attacks are probably on their way as hackers will find ways to weaponize the two exploits inside their botnets.
Of the two bugs, one received a patch over the summer, while the second has yet to be addressed by the Solr team.
Attacks are bound to happen as Apache Solr is an advanced tool that is often used inside enterprise networks to support powerful data search functions, making a perfect trget for hackers looking for ways inside high-value networks or into servers with access to large computational resources. The first bug is an issue that was reported and fixed over the summer. The bug, tracked as CVE-2019-12409, refers to a default setting in the solr.in.sh configuration file that is included with all new Solr instances.