Saturday, February 8, 2025

Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows


A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0.

The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to arbitrary file path manipulation and write access.

Tracked as SOLR-17543, this vulnerability could permit attackers to exploit the “configset upload” API through a maliciously crafted ZIP file.

Exploiting File Path Manipulation Through Zipslip

The vulnerability stems from improper input sanitization in Solr’s “configset upload” API.

This flaw enables attackers to execute what is commonly referred to as a “zipslip” attack, leveraging malicious ZIP files containing relative file paths to overwrite or write files in unexpected locations within the filesystem.

Because certain components of Windows file path processing are more prone to exploitation, Solr instances hosted on Windows platforms are particularly at risk.

The attack could allow unauthorized write access to critical system files, potentially compromising the integrity of the Solr application and the broader system it is part of.
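The check below is an added example, not code from Solr or from the advisory: it vets a configset ZIP before upload by resolving each entry name under Windows path rules and flagging any that land outside the extraction directory. The destination path, function names and sample entry names are assumptions constructed for illustration.

```python
import io
import ntpath
import zipfile

# Hypothetical extraction root; not a path taken from Solr or the advisory.
DEST = r"C:\solr\data\configsets\demo"

def escaping_entries(zip_bytes, dest=DEST):
    """Return entry names that resolve outside dest under Windows path rules."""
    root = ntpath.normcase(ntpath.normpath(dest))
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # ntpath applies Windows semantics on any OS: both '/' and '\'
            # separate components, and a drive letter or leading slash in
            # the entry name discards the destination directory entirely.
            joined = ntpath.join(root, info.filename)
            target = ntpath.normcase(ntpath.normpath(joined))
            if target != root and not target.startswith(root + "\\"):
                flagged.append(info.filename)
    return flagged

def build_sample_zip(names):
    """Build an in-memory ZIP with the given entry names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

# Constructed sample: two ordinary configset files and four escaping names.
SAMPLE_NAMES = [
    "conf/solrconfig.xml",
    "conf\\lang\\stopwords_en.txt",
    "../../outside-forward.txt",
    "conf\\..\\..\\..\\outside-backslash.txt",
    "C:\\Temp\\outside-absolute.txt",
    "\\outside-rooted.txt",
]

if __name__ == "__main__":
    for name in escaping_entries(build_sample_zip(SAMPLE_NAMES)):
        print("rejected:", name)
```

A validator that only looks for `../` with forward slashes would pass the backslash, drive-letter and rooted entries, which is why the comparison is made on the fully normalized Windows path.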

Upgrade or Restrict Access

To address and eliminate the vulnerability, Apache Solr has released version 9.8.0, which includes a comprehensive fix for the issue.

Users operating on affected versions are strongly encouraged to upgrade to version 9.8.0 to secure their systems against potential exploits.

For organizations unable to perform an immediate upgrade, a mitigation strategy involves leveraging Solr’s “Rule-Based Authentication Plugin.”

By configuring this plugin to restrict access to the “configset upload” API to a trusted set of administrators or authorized users, the risk of exploitation can be significantly reduced.

Proper access control ensures that only vetted individuals or systems can interact with this sensitive API endpoint, effectively minimizing exposure to the vulnerability.

The vulnerability underscores the importance of maintaining updated software and implementing robust security controls.

Users are advised to evaluate their current Solr deployment for any potential exposure to this flaw.

Systems running on Windows environments, in particular, should be prioritized for patching or mitigation, given the elevated risk of exploitation on this platform.

Organizations should also review their access control policies and monitor API activity to detect and prevent any anomalous behavior.

The identification of SOLR-17543 highlights the ongoing need for vigilance in securing open-source software deployments.

While the release of Solr 9.8.0 provides a definitive resolution, proactive measures such as authentication and API restriction serve as critical interim safeguards to protect sensitive environments.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
