CVE-2019-0192

Priority
Description
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API
allows to configure the JMX server via an HTTP POST request. By pointing it
to a malicious RMI server, an attacker could take advantage of Solr's
unsafe deserialization to trigger remote code execution on the Solr side.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-10-24 06:54:40 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)