You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows attackers to configure the JMX server via an HTTP POST request. By directing it to a malicious RMI server, this vulnerability can be exploited to trigger unsafe deserialization, leading to remote code execution on the Solr server.
💎 $150 bounty • ProjectDiscovery Bounty Available for CVE Template Contribution
Steps to Contribute:
Claim attempt: Comment /attempt #10891 on this issue to claim attempt.
Write the Template: Create a high-quality Nuclei template for the specified CVE, following our Contribution Guidelines and Acceptance Criteria.
Submit the Template: Open a pull request (PR) to projectdiscovery/nuclei-templates and include /claim #10891 in the PR body to claim the bounty.
Receive Payment: Upon successful merge of your PR, you will receive 100% of the bounty through Algora.io within 2-5 days. Ensure you are eligible for payouts.
Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. You can check the FAQ for the Nuclei Templates Community Rewards Program here.
Is there an existing template for this?
Template requests
Description:
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows attackers to configure the JMX server via an HTTP POST request. By directing it to a malicious RMI server, this vulnerability can be exploited to trigger unsafe deserialization, leading to remote code execution on the Solr server.
Severity: Critical
POC:
References:
Shodan Query:
cpe:"cpe:2.3:a:apache:solr"
CPE:
cpe:2.3:a:apache:solr::::::::
cpe:2.3:a:netapp:storage_automation_store:-:::::::*
Anything else?
No response
The text was updated successfully, but these errors were encountered: