Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2019-17558 Mappings

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2019-17558	Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments CVE-2019-17558 is a vulnerability in Apache Solr that allows for Remote Code Execution (RCE) through the VelocityResponseWriter. References https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.tenable.com/blog/cve-2019-17558-apache-solr-vulnerable-to-remote-code-execution-zero-day-vulnerability
CVE-2019-17558	Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments CVE-2019-17558 is a vulnerability in Apache Solr that allows for Remote Code Execution (RCE) through the VelocityResponseWriter. References https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.tenable.com/blog/cve-2019-17558-apache-solr-vulnerable-to-remote-code-execution-zero-day-vulnerability