SVE-002338 | Date: (C)2021-05-24 (M)2021-06-06 |
Apache Solr Remote Code Execution Vulnerability. Apache Solr is prone to a remote code execution vulnerability. The flaw exists because the application allows an attacker to directly access the Solr console and change the node's configuration file by sending a POST request to a path such as '/nodename/config'. When 'params.resource.loader.enabled' is set to true, an attacker can craft a request whose parameters specify related resources to load. This can lead to execution of arbitrary code.
CVSS Score and Metrics
CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 9.8 | CVSS Score : 10.0 |
Exploit Score: 3.9 | Exploit Score: 10.0 |
Impact Score: 5.9 | Impact Score: 10.0 |
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: NETWORK | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: LOW |
Privileges Required: NONE | Authentication: NONE |
User Interaction: NONE | Confidentiality: COMPLETE |
Scope: UNCHANGED | Integrity: COMPLETE |
Confidentiality: HIGH | Availability: COMPLETE |
Integrity: HIGH | |
Availability: HIGH | |