Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.APACHE_SOLR_CVE-2019-12409.NBIN
HistoryDec 19, 2019 - 12:00 a.m.

Apache Solr 8.1.1, 8.2.0 Remote JMX RMI Deserialization Vulnerability

2019-12-1900:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.055 Low

EPSS

Percentile

93.3%

JSON

The version of Apache Solr running on the remote web server is affected by a remote code execution vulnerability in the Config API due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this, via a crafted serialized Java object, to execute arbitrary code.

Binary data apache_solr_cve-2019-12409.nbin
VendorProductVersionCPE
apachesolrcpe:/a:apache:solr

Related

ubuntucve 1
nvd 1
githubexploit 1
symantec 1
threatpost 1
osv 2
f5 1
attackerkb 1
redhatcve 1
prion 1
cvelist 1
cve 1
nessus 2
github 1
debiancve 1
checkpoint_advisories 1
ubuntucve
ubuntucve
CVE-2019-12409
2019-11-18 00:00:00
nvd
nvd
CVE-2019-12409
2019-11-18 21:15:11
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Solr
2019-11-19 08:53:56
symantec
symantec
Apache Solr for Linux CVE-2019-12409 Remote Code Execution Vulnerability
2019-08-12 00:00:00
threatpost
threatpost
Apache Solr Bug Gets Bumped Up to High Severity
2019-11-20 19:41:57
osv
osv
Unrestricted upload of file with dangerous type in Apache Solr
2020-01-28 22:26:54
CVE-2019-12409
2019-11-18 21:15:11
f5
f5
K23720587 : Apache Solr vulnerability CVE-2019-12409
2019-12-03 00:00:00
attackerkb
attackerkb
Apache Solr 8.11, 8.20 have unauthenticated JMX server enabled in default config
2019-09-11 00:00:00
redhatcve
redhatcve
CVE-2019-12409
2019-11-20 20:07:26
prion
prion
Default configuration
2019-11-18 21:15:00
cvelist
cvelist
CVE-2019-12409
2019-11-18 20:50:59
cve
cve
CVE-2019-12409
2019-11-18 21:15:11
nessus
nessus
Apache Solr 8.1.1 / 8.2.0 Remote Code Execution Vulnerability
2019-11-21 00:00:00
Apache Solr 8.1.1 < 8.3.0 Remote Code Execution
2020-01-27 00:00:00
github
github
Unrestricted upload of file with dangerous type in Apache Solr
2020-01-28 22:26:54
debiancve
debiancve
CVE-2019-12409
2019-11-18 21:15:11
checkpoint_advisories
checkpoint_advisories
Apache Solr Remote Code Execution (CVE-2019-12409; CVE-2019-17558)
2019-11-20 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.055 Low

EPSS

Percentile

93.3%

JSON
Related for APACHE_SOLR_CVE-2019-12409.NBIN
ubuntucve1nvd1githubexploit1symantec1threatpost1osv2f51attackerkb1redhatcve1prion1cvelist1cve1nessus2github1debiancve1checkpoint_advisories1