Remote code execution in Apache Solr

Published: 2019-11-21
Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-12409
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Apache Solr
Client/Desktop applications / Other client software

Vendor: Apache Foundation

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Authentication

EUVDB-ID: #VU22878

Risk: High


CVE-ID: CVE-2019-12409

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No


The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an insecure default configuration of Apache Solr. The "ENABLE_REMOTE_JMX_OPTS" setting is set to "true" by default, which allows remote JMX client applications to connect. A remote non-authenticated attacker can bypass the authentication process and execute arbitrary code on the system.


Install updates from the vendor's website.
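An added audit helper, not part of this bulletin or of the Solr project, that reads a Solr environment file and reports whether the "ENABLE_REMOTE_JMX_OPTS" default described above is in effect. It assumes the setting is a plain shell assignment in bin/solr.in.sh (the file name is an assumption) and treats an absent or commented-out setting as disabled.

```python
"""Audit a solr.in.sh-style file for the remote-JMX setting (added example).

Assumption: the setting is a shell assignment such as ENABLE_REMOTE_JMX_OPTS="true"
in bin/solr.in.sh; a missing or commented-out assignment counts as disabled.
"""
import re
import shlex

# Matches `NAME=value` or `export NAME=value`; the value may be quoted.
_ASSIGN = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$')


def parse_shell_vars(text: str) -> dict:
    """Return the effective value of each variable assigned in the file.

    Comment lines are skipped and a later assignment overrides an earlier
    one, mirroring how the shell itself would evaluate the file.
    """
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _ASSIGN.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        try:
            parts = shlex.split(raw, comments=True)  # strips quotes, trailing comments
        except ValueError:
            continue  # unbalanced quotes: not a usable assignment
        values[name] = parts[0] if parts else ""
    return values


def remote_jmx_enabled(text: str) -> bool:
    """True when ENABLE_REMOTE_JMX_OPTS is effectively set to "true"."""
    value = parse_shell_vars(text).get("ENABLE_REMOTE_JMX_OPTS", "false")
    return value.strip().lower() == "true"


# Constructed samples: the weak default beside a hardened file.
WEAK_SOLR_IN_SH = '# Enable remote JMX access\nENABLE_REMOTE_JMX_OPTS="true"\n'
HARDENED_SOLR_IN_SH = '#ENABLE_REMOTE_JMX_OPTS="true"\nENABLE_REMOTE_JMX_OPTS="false"\n'

if __name__ == "__main__":
    for label, content in (("weak", WEAK_SOLR_IN_SH), ("hardened", HARDENED_SOLR_IN_SH)):
        state = "ENABLED" if remote_jmx_enabled(content) else "disabled"
        print(f"{label}: remote JMX {state}")
```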

Vulnerable software versions

Apache Solr: 8.1.1 - 8.2.0
