Access Control: Apache Solr 7+ - Remote Code Execution (Apache Log4j)¶

Identifier: apache_solr_log4j_rce

Scanner(s) Support¶

Description¶

Apache Log4j2 \<=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. This vulnerability affects Solr 7+.

Reference:

• https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
• https://twitter.com/sirifu4k1/status/1470011568834424837
• https://github.com/apache/solr/pull/454
• https://logging.apache.org/log4j/2.x/security.html
• https://nvd.nist.gov/vuln/detail/CVE-2021-44228
• https://github.com/vulhub/vulhub/tree/master/log4j/CVE-2021-44228

Configuration¶

Example¶

Example configuration:

---
security_tests:
  apache_solr_log4j_rce:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.