CVE-2019-12409

Priority
Description
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for
the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh
configuration file shipping with Solr. If you use the default solr.in.sh
file from the affected releases, then JMX monitoring will be enabled and
exposed on RMI_PORT (default=18983), without any authentication. If this
port is opened for inbound traffic in your firewall, then anyone with
network access to your Solr nodes will be able to access JMX, which may in
turn allow them to upload malicious code for execution on the Solr server.
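A check for the setting described above, as an added example that is not part of the original advisory or of Solr: it parses a solr.in.sh without sourcing it and reports whether ENABLE_REMOTE_JMX_OPTS is set to true and on which RMI_PORT. The function names are hypothetical, the sample file is constructed, and treating only the exact value true as enabled is an assumption about how the start script reads the option.

```shell
#!/bin/sh
# Added example: audit a solr.in.sh for the setting named in CVE-2019-12409.

# Print the last uncommented value assigned to variable $1 in file $2,
# with quotes and trailing comments stripped. The file is parsed, never sourced.
conf_value() {
    sed -n -e 's/^[[:space:]]*export[[:space:]]\{1,\}//' \
           -e "s/^[[:space:]]*$1=//p" "$2" |
        tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Return 0 and print a finding when remote JMX is enabled,
# 1 when it is not, 2 when the file cannot be read.
check_solr_jmx() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    enabled=$(conf_value ENABLE_REMOTE_JMX_OPTS "$file")
    port=$(conf_value RMI_PORT "$file")
    # Assumption: only the exact value "true" turns remote JMX on.
    if [ "$enabled" = "true" ]; then
        # 18983 is the default RMI_PORT the advisory gives.
        echo "FINDING: ENABLE_REMOTE_JMX_OPTS=true, JMX/RMI port ${port:-18983}"
        return 0
    fi
    echo "OK: ENABLE_REMOTE_JMX_OPTS=${enabled:-unset}"
    return 1
}

# Stand-alone use: pass a path, or run with no argument for a constructed sample.
if [ "$#" -gt 0 ]; then
    check_solr_jmx "$1"
else
    sample=$(mktemp)
    printf '%s\n' '#RMI_PORT=18983' 'ENABLE_REMOTE_JMX_OPTS="true"' > "$sample"
    check_solr_jmx "$sample" || true
    rm -f "$sample"
fi
```

A finding means the port it prints should be checked against the host firewall rules, since the exposure depends on that port accepting inbound traffic.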
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 19.04 (Disco Dingo): not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine): not-affected (code not present)
Ubuntu 20.04 (Focal Fossa): not-affected (code not present)
Patches:
Upstream: https://gitbox.apache.org/repos/asf?p=lucene-solr.git;a=commitdiff;h=d468d71;hp=f6f1b4244c40e5665b20a2a8ef9852c6dd827cb2
More Information

Updated: 2019-12-05 21:09:46 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)