Security restrictions bypass in Apache Solr

1) Protection Mechanism Failure

EUVDB-ID: #VU47626

Risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2020-13957

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures, configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. A remote non-authenticated attacker can upload a specially crafted configuration and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apache Solr: 6.6 - 8.6.2

CPE2.3

• cpe:2.3:a:apache_foundation:apache_solr:6.6.6:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.6.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:7.7.3:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_solr:8.0.0:*:*:*:*:*:*:*

External links

https://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3CCAECwjAWCVLoVaZy%3DTNRQ6Wk9KWVxdPRiGS8NT%2BPHMJCxbbsEVg%40mail.gmail.com%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.