Strix
26.1K

CVE-2019-17558

HIGHCVSS 7.5/10Actively ExploitedEPSS 98.57%

Last modified

CVE-2019-17558 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. CISA has confirmed active exploitation in the wild. EPSS estimates a 98.57% chance of exploitation in the next 30 days.

Description

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
98.57%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .

Weakness Enumeration

Affected Software

VendorProductVersions
ApacheSolr>= 5.0.0, < 7.7.3
ApacheSolr>= 8.0.0, < 8.4.0
OraclePrimavera Unifier>= 17.7, <= 17.12
OraclePrimavera Unifier16.1
OraclePrimavera Unifier16.2
OraclePrimavera Unifier18.8
OraclePrimavera Unifier19.12

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2019-17558?
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
How severe is CVE-2019-17558?
CVE-2019-17558 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 98.57% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.
How do I fix CVE-2019-17558?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-17558?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST