CVE-2019-0193: Apache Solr remote command execution vulnerability alert

Source: www.myhack58.com (MYHACK58:62201995374)
Author: Anonymous (佚名)
Published: Aug 06, 2019 - 12:00 a.m.

EPSS: 0.959 (High), percentile 99.5%
On August 1, 2019, the Apache Solr project published a security advisory for CVE-2019-0193 and rated its severity as critical.
The vulnerability lies in the Apache Solr DataImportHandler (DIH), an optional but widely used module for pulling data into Solr from databases and other sources. The module has a feature that lets the entire DIH configuration be supplied through the dataConfig parameter of an external request. Because a DIH configuration may contain scripts, an attacker can craft a request whose configuration leads to remote command execution.
360CERT rates this vulnerability as high risk and recommends that Apache Solr users upgrade promptly to prevent exploitation.

0x01 vulnerability details
The vulnerability results from two conditions:
The user has configured a DataImportHandler in solrconfig.xml, enabling the DataImport functionality.
The DataImportHandler module allows the configuration it receives to contain user-supplied scripts.
An attacker can construct a malicious script that Solr parses through its Converter during processing; since the user input is not validated at that point, the attacker can execute commands remotely on the Solr server.
The result of exploitation is shown below:
[screenshot of the exploit result]
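From the defender's side, the distinguishing feature of this vector is a request to the DIH handler that carries its own dataConfig parameter, which a normal data import never needs. The following added example (not part of the advisory, and not Solr project code) scans Solr request-log lines for that pattern. The handler path "/dataimport" is an assumption taken from the common Solr example configuration; the log lines are constructed for illustration.

```python
"""Flag Solr request-log lines where a DataImportHandler request supplies
its own dataConfig parameter (the vector described for CVE-2019-0193).

Added example; not part of the 360CERT/myhack58 advisory and not Solr code.
The handler path "/dataimport" is an assumption (the name is whatever
solrconfig.xml registers), and the sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs

# Paths under which DIH is assumed to be registered (assumption; adjust to your solrconfig.xml).
DIH_PATHS = {"/dataimport"}

# Shape of Solr's o.a.s.c.S.Request log line: "... path=<handler> params={<query>} status=..."
LINE_RE = re.compile(r"path=(?P<path>\S+)\s+params=\{(?P<params>.*?)\}\s+status=")


def parse_request_line(line):
    """Return (path, {param: [values]}) or None if the line is not a request log line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # parse_qs percent-decodes the values; blank values are kept so an
    # explicitly empty dataConfig is still visible.
    params = parse_qs(m.group("params"), keep_blank_values=True)
    return m.group("path"), params


def classify(line):
    """Return None for benign lines, or a severity for DIH requests that carry configuration."""
    parsed = parse_request_line(line)
    if parsed is None:
        return None
    path, params = parsed
    if path not in DIH_PATHS or "dataConfig" not in params:
        return None
    cfg = params["dataConfig"][0]
    # An empty dataConfig is exactly what the hardened configuration forces;
    # anything else means the caller supplied the DIH configuration itself.
    if cfg.strip() == "":
        return "info"
    # Inline <script> in a request-supplied configuration is the condition the advisory describes.
    if re.search(r"<script\b", cfg, re.IGNORECASE):
        return "critical"
    return "high"


def scan(lines):
    """Return (line_index, severity) for every line that classify() flags."""
    hits = []
    for idx, line in enumerate(lines):
        sev = classify(line)
        if sev is not None:
            hits.append((idx, sev))
    return hits


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    "2019-08-06 00:00:01.000 INFO  (qtp1-12) [   x:mycore] o.a.s.c.S.Request [mycore]  webapp=/solr path=/select params={q=*:*&wt=json} status=0 QTime=3",
    "2019-08-06 00:00:02.000 INFO  (qtp1-13) [   x:mycore] o.a.s.c.S.Request [mycore]  webapp=/solr path=/dataimport params={command=status} status=0 QTime=1",
    "2019-08-06 00:00:03.000 INFO  (qtp1-14) [   x:mycore] o.a.s.c.S.Request [mycore]  webapp=/solr path=/dataimport params={command=full-import&dataConfig=%3CdataConfig%3E%3Cdocument%3E%3C/document%3E%3C/dataConfig%3E} status=0 QTime=5",
    "2019-08-06 00:00:04.000 INFO  (qtp1-15) [   x:mycore] o.a.s.c.S.Request [mycore]  webapp=/solr path=/dataimport params={command=full-import&dataConfig=%3CdataConfig%3E%3Cscript%3E%3C/script%3E%3C/dataConfig%3E} status=0 QTime=7",
]

if __name__ == "__main__":
    for idx, sev in scan(SAMPLE_LOG):
        print(f"line {idx}: {sev}")
```

A status request to the DIH handler is left alone; any request that pushes a dataConfig body is reported, and the presence of a script element raises the severity. In practice the same check belongs on the reverse proxy or WAF in front of Solr, where the request can be rejected rather than merely logged.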
0x02 affected scope
Apache Solr

0x03 remediation recommendations
Upgrade Apache Solr to version 8.2.0 or later.
Temporary mitigations:
Edit solrconfig.xml so that every DataImportHandler usage is configured with fixed (invariant) values, with the dataConfig parameter set to an empty string.
Ensure that network settings allow only trusted traffic to communicate with Solr, in particular with the DIH request handler.
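The configuration mitigation is easy to get wrong across many cores, so it is worth checking mechanically. The following added example (not from the advisory or the Solr project) parses a solrconfig.xml and reports every DataImportHandler registration that does not pin dataConfig to an empty string through an invariants section. The two configuration fragments are constructed: the first is a typical DIH registration, the second is the same handler with the mitigation applied. The class name org.apache.solr.handler.dataimport.DataImportHandler is the real DIH class.

```python
"""Audit solrconfig.xml for DataImportHandler registrations that do not pin
dataConfig to an empty string via an invariants section (the temporary
mitigation for CVE-2019-0193).

Added example, not from the advisory or the Solr project. The two
solrconfig.xml fragments are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Real class name of the DataImportHandler.
DIH_CLASS = "org.apache.solr.handler.dataimport.DataImportHandler"

# Constructed: DIH registered the usual way; dataConfig can still be set per request.
WEAK_CONFIG = """<config>
  <requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
    <lst name="defaults">
      <str name="config">db-data-config.xml</str>
    </lst>
  </requestHandler>
</config>"""

# Constructed: same handler, with dataConfig forced to "" so a request cannot override it.
HARDENED_CONFIG = """<config>
  <requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
    <lst name="defaults">
      <str name="config">db-data-config.xml</str>
    </lst>
    <lst name="invariants">
      <str name="dataConfig"></str>
    </lst>
  </requestHandler>
</config>"""


def dih_handlers(config_xml):
    """Return every <requestHandler> element whose class is the DataImportHandler."""
    root = ET.fromstring(config_xml)
    return [h for h in root.iter("requestHandler") if h.get("class") == DIH_CLASS]


def pins_data_config(handler):
    """True if the handler carries <lst name="invariants"> with an empty <str name="dataConfig">."""
    for lst in handler.findall("lst"):
        if lst.get("name") != "invariants":
            continue
        for s in lst.findall("str"):
            # An empty element parses with text None; treat that as "".
            if s.get("name") == "dataConfig" and (s.text or "").strip() == "":
                return True
    return False


def audit(config_xml):
    """Return the names of DIH handlers that still accept a request-supplied dataConfig."""
    return [h.get("name") for h in dih_handlers(config_xml) if not pins_data_config(h)]


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        unpinned = audit(cfg)
        print(f"{label}: {'OK' if not unpinned else 'unpinned handlers: ' + ', '.join(unpinned)}")
```

Invariants take precedence over both defaults and request parameters in Solr, which is why an empty invariant dataConfig blocks the request-supplied configuration even though the defaults section still names the file-based config. Run the audit against each core's solrconfig.xml, not only the one you remember editing.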

0x04 timeline
2019-08-01 Apache Solr publishes its official security bulletin
2019-08-06 360-CERT issues this alert

0x05 reference links
https://issues.apache.org/jira/browse/SOLR-13669