Apache Solr 8.3.0 - Remote Code Execution via Velocity Template

By
Prathap
Published on
16 Jun 2021
Vulnerability

Apache Solr is an independent full-text search server written in Java and running in a Servlet container (such as Apache Tomcat or Jetty). Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user-defined configset could contain renderable, potentially malicious, templates.

Impact

Attackers can use the Velocity-SSTI vulnerability to execute arbitrary code on the Solr system with the help of a custom Velocity template function

Mitigation / Precaution

We recommend you to upgrade Apache Solr to the latest version.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Prathap
Prathap
Co-founder, Director
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.