Candidate: CVE-2019-0192
PublicDate: 2019-03-07 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0192
 http://mail-archives.us.apache.org/mod_mbox/www-announce/201903.mbox/%3CCAECwjAV1buZwg%2BMcV9EAQ19MeAWztPVJYD4zGK8kQdADFYij1w%40mail.gmail.com%3E
Description:
 In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API
 allows to configure the JMX server via an HTTP POST request. By pointing it
 to a malicious RMI server, an attacker could take advantage of Solr's
 unsafe deserialization to trigger remote code execution on the Solr side.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_lucene-solr:
upstream_lucene-solr: needs-triage
precise/esm_lucene-solr: DNE
trusty_lucene-solr: ignored (reached end-of-life)
trusty/esm_lucene-solr: DNE (trusty was needs-triage)
xenial_lucene-solr: ignored (end of standard support, was needs-triage)
bionic_lucene-solr: needs-triage
cosmic_lucene-solr: ignored (reached end-of-life)
disco_lucene-solr: ignored (reached end-of-life)
eoan_lucene-solr: ignored (reached end-of-life)
focal_lucene-solr: needs-triage
groovy_lucene-solr: ignored (reached end-of-life)
hirsute_lucene-solr: ignored (reached end-of-life)
impish_lucene-solr: needs-triage
jammy_lucene-solr: needs-triage
devel_lucene-solr: needs-triage