CVE-2019-0192

Priority
Description
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API
allows to configure the JMX server via an HTTP POST request. By pointing it
to a malicious RMI server, an attacker could take advantage of Solr's
unsafe deserialization to trigger remote code execution on the Solr side.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):needs-triage
More Information

Updated: 2019-09-19 14:49:42 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)