Main Vulnerability Database Exploits ID:5343 - Exploit for Protection Mechanism Failure in Apache Solr - CVE-2020-13957

ID:5343 - Exploit for Protection Mechanism Failure in Apache Solr - CVE-2020-13957

Published: May 9, 2021

Vulnerability identifier: #VU47626

Vulnerability risk: High

CVE-ID: CVE-2020-13957

CWE-ID: CWE-693

Exploitation vector: Remote access

Vulnerable software:
Apache Solr

Link to public exploit:

https://github.com/s-index/CVE-2020-13957

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures, configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. A remote non-authenticated attacker can upload a specially crafted configuration and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

ID:5343 - Exploit for Protection Mechanism Failure in Apache Solr - CVE-2020-13957

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human