Posted to issues@solr.apache.org by "Hariprasad T (Jira)" <ji...@apache.org> on 2022/11/04 04:50:00 UTC

[jira] [Updated] (SOLR-16522) Unauthenticated access to an Apache Solr Server Detected

     [ https://issues.apache.org/jira/browse/SOLR-16522?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hariprasad T updated SOLR-16522:
--------------------------------
    Security: Public  (was: Private (Security Issue))

> Unauthenticated access to an Apache Solr Server Detected
> --------------------------------------------------------
>
>                 Key: SOLR-16522
>                 URL: https://issues.apache.org/jira/browse/SOLR-16522
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Hariprasad T
>            Priority: Major
>
> Hi Team,
> We have a Sitecore project with version 9.3 and we are using Solr 8.1.1 on Windows. We have this vulnerability, "Unauthenticated access to an Apache Solr Server Detected", impacting a few of our servers. Below is the patch fix suggested by Solr for this vulnerability.
> *Ref:* SOLR-13647 - CVE-2019-12409
> *URL:* https://solr.apache.org/security.html#cve-2019-12409-apache-solr-rce-vulnerability-due-to-bad-config-default
> *Impacted Servers:*
> Many servers like TST, STG, Prod.
> *Mitigation:*
> *(a) Users are advised to upgrade to latest solr version  https://lucene.apache.org/solr/downloads.html "Solr 8.3.0:*
> With Sitecore 9.3, only Solr version 8.1.1 works and is recommended, so we cannot upgrade Solr. Please correct me if I'm wrong.
> *(b) Apply workaround: Make sure your effective solr.in.sh file has ENABLE_REMOTE_JMX_OPTS set to False on every Solr node and then restart Solr. Note that the effective solr.in.sh file may reside in /etc/defaults/ or another location depending on the install. You can then validate that the com.sun.management.jmxremote family of properties are not listed in the Java Properties section of the Solr Admin UI, or configured in a secure way:*
> Applied the fix and it's not working. Please advise or suggest any other fix.
> Thanks in advance!!
>  
> Regards,
> Hariprasad T



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
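
The validation step of workaround (b), as an added example that is not part of the original report and not Solr's own tooling: it compares the ENABLE_REMOTE_JMX_OPTS value in a solr.in.sh file with the com.sun.management.jmxremote properties a running node reports, so a file that was edited but is not the effective one (or a node that was not restarted) shows up as a mismatch. Assumptions: the properties input has the JSON shape of Solr's `/solr/admin/info/properties` response, only the literal value `true` is treated as enabling remote JMX, and all sample inputs are constructed.

```python
import json
import re

# Uncommented shell assignment, e.g. ENABLE_REMOTE_JMX_OPTS="false"
ASSIGN = re.compile(r'^\s*(?:export\s+)?ENABLE_REMOTE_JMX_OPTS=["\']?([A-Za-z]*)')
PREFIX = "com.sun.management.jmxremote"

def effective_flag(solr_in_sh):
    """Last uncommented assignment wins, as when the file is sourced; None if unset."""
    value = None
    for line in solr_in_sh.splitlines():
        m = ASSIGN.match(line)
        if m:
            value = m.group(1).lower()
    return value

def jmx_properties(properties_json):
    """jmxremote properties the running JVM reports (what the Admin UI lists)."""
    props = json.loads(properties_json).get("system.properties", {})
    return {k: v for k, v in props.items() if k.startswith(PREFIX)}

def audit(solr_in_sh, properties_json):
    flag, live = effective_flag(solr_in_sh), jmx_properties(properties_json)
    findings = []
    if flag == "true":  # assumption: only the literal "true" enables remote JMX
        findings.append("file enables remote JMX")
    if live and flag != "true":
        findings.append("jmxremote properties present although this file does not "
                        "enable them: another file or option sets them, or no restart")
    if live.get(PREFIX + ".authenticate") == "false":
        findings.append("remote JMX without authentication")
    if live.get(PREFIX + ".ssl") == "false":
        findings.append("remote JMX without TLS")
    return findings

# Constructed sample inputs (not taken from the report).
EDITED_FILE = '#ENABLE_REMOTE_JMX_OPTS="true"\nENABLE_REMOTE_JMX_OPTS="false"\n'
STALE_NODE = json.dumps({"system.properties": {
    PREFIX: "", PREFIX + ".authenticate": "false", PREFIX + ".ssl": "false",
    PREFIX + ".port": "18983", "jetty.port": "8983"}})
CLEAN_NODE = json.dumps({"system.properties": {"jetty.port": "8983"}})

if __name__ == "__main__":
    for name, node in (("stale", STALE_NODE), ("clean", CLEAN_NODE)):
        print(name, audit(EDITED_FILE, node) or "no findings")
```
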
