Reply: Security Vulnerability Consultation

2019-11-04 Thread Huawei PSIRT
Dear Erik, Thank you for your fast reply. Best Regards, Huawei PSIRT -Original Message- From: Erik Hatcher [mailto:erik.hatc...@gmail.com] Sent: November 1, 2019 21:50 To: solr-user@lucene.apache.org Cc: Huawei PSIRT ; Renling Subject: Re: Security Vulnerability Consultation Hi - There are many

Re: Security Vulnerability Consultation

2019-11-01 Thread Erik Hatcher
Hi - There are many "vulnerabilities" that can be enabled when one has administrative access to Solr, with this being one example. The setting mentioned defaults to false, and requires admin access to enable. The warning from the Solr Reference Guide is worth repeating here: >> No Solr API,

Security Vulnerability Consultation

2019-10-31 Thread Huawei PSIRT
Dear, This is Huawei PSIRT. We have learned that a security researcher released an Apache Solr RCE suspected vulnerability on October 31, 2019. The links are as follows: https://meterpreter.org/unpatch-apache-solr-remote-c