Published on August 2nd, 2019 📆 | 8590 Views ⚑
0Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
CVSS Meta Temp Score | Current Exploit Price (≈) |
---|---|
5.5 | $5k-$25k |
A vulnerability has been found in Apache Solr 8.2.0 and classified as critical. Affected by this vulnerability is an unknown part of the component DataImportHandler. The manipulation as part of a Parameter leads to a unknown weakness. The impact remains unknown. The summary by CVE is:
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
The weakness was released 08/01/2019. The advisory is shared at issues.apache.org. This vulnerability is known as CVE-2019-0193 since 11/14/2018. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/02/2019).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Vendor
Name
Class: Unknown
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: no mitigation known
0-Day Time: 🔒
11/14/2018 CVE assigned
08/01/2019 Advisory disclosed
08/02/2019 VulDB entry created
08/02/2019 VulDB last updateVendor: apache.org
Advisory: issues.apache.org
CVE: CVE-2019-0193 (🔒)
Created: 08/02/2019 11:52 AM
Complete: 🔍
Download the whitepaper to learn more about our service!
https://vuldb.com/?id.139261
Gloss