Light Dark
November 26, 2019 By Shane Schick 2 min read

New exploit code has led researchers to reclassify a security threat aimed at the Linux enterprise search tool Apache Solr to “high severity status.”

Affected hardware could be hit with remote code execution (RCE) attacks that take advantage of a default configuration vulnerability, according to a blog post from Tenable.

Solr — which was originally designed to help those visiting the popular tech news site CNET look up information — has been run for the past 13 years by open-source organization Apache Software Foundation, which has continued to enhance its capabilities for other organizations. The exploit code discovery follows initial reports of a bug this past July, which were not considered as serious.

How the Solr Vulnerability Became a Critical Risk

Researchers originally believed the security issue with Solr would only allow cybercriminals and other third parties to access monitoring data. Further investigation showed, however, that using proof-of-concept code could allow malware to be uploaded and run on a Solr server, based on a hole in the 8983 port.

Although Windows users are reportedly not affected, the bug could be a powerful tool for misuse by anyone with network access to a Solr server and Java Management Extensions.

The Solr team issued a warning late last week, following the publication of revised proof-of-concept exploit code on the popular repository GitHub. Part of the concern stems from the fact that Apache Solr uses large volumes of compute power, which may be of interest to cryptocurrency miners and other cybercriminals.

Reducing the Risk of RCE Attacks

The Solr advisory suggested that anyone worried about being hit by an attack based on the exploit code could avoid the risk by using the “False” parameter for ENABLE_REMOTE_JMX_OPTS in their solr.in.sh file settings. The Solr team also suggested users ensure they are updated to version 8.3, though the Tenable post suggested many versions, including that one, were vulnerable to the bug.

Another way to stay safe from this and other RCE attacks is to invest in vulnerability management solutions or services that can identify, prioritize and remediate exploit code and other flaws in commonly used software applications.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature