Vulnerability Details : CVE-2019-17558

Public exploit exists!
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Published 2019-12-30 17:15:20
Updated 2025-02-06 22:15:33
Source Apache Software Foundation
View at NVD,   CVE.org
Vulnerability category: Execute code

Products affected by CVE-2019-17558

CVE-2019-17558 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-17558
Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2019-17558

EPSS FAQ
97.52%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2019-17558

  • Apache Solr Remote Code Execution via Velocity Template
    Disclosure Date: 2019-10-29
    First seen: 2020-04-26
    exploit/multi/http/solr_velocity_rce
    This module exploits a vulnerability in Apache Solr <= 8.3.0 which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable A

CVSS scores for CVE-2019-17558

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.6
 MEDIUM AV:N/AC:H/Au:S/C:P/I:P/A:P
3.9
6.4
 NIST
7.5
 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1.6
5.9
 134c704f-9b21-4f2e-91b3-4a467353bcc0 2025-02-06
7.5
 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1.6
5.9
 NIST

CWE ids for CVE-2019-17558

References for CVE-2019-17558

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close