Apache Solr For Windows Vulnerability Allows Arbitrary Path write-access
- Source: Vulnerability (cybersecuritynews.com)
Author: Kaaviya Ragupathy
A newly disclosed vulnerability in Apache Solr, identified as CVE-2024-52012, has raised concerns among users of the search platform, particularly those running instances on Windows systems.
The flaw, categorized as a Relative Path Traversal vulnerability, allows attackers to gain arbitrary path write-access via the “configset upload” API. This issue affects versions 6.6 through 9.7.0 of Apache Solr.
Apache Solr For Windows Vulnerability
The vulnerability stems from an input-validation flaw in the configset upload API, which enables users to upload configuration files packaged as ZIP archives.
“Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the “configset upload” API”, reads the advisory.
Malicious actors can exploit this by crafting specially designed ZIP files that include relative file paths.
This attack vector, commonly referred to as “Zip Slip,” allows files to be written outside the intended directory structure, potentially overwriting critical system files or injecting malicious code.
The exploitation process involves:
- Crafting a ZIP Archive: The attacker creates a ZIP file containing relative paths that traverse directories.
- Uploading via ConfigSet API: The malicious archive is uploaded through Solr’s configset upload endpoint.
- File Overwrite: Upon extraction, the malicious files are written to unintended locations on the filesystem.
This vulnerability is particularly concerning because it can be exploited remotely and does not require advanced technical expertise.
If successful, attackers could compromise system integrity or execute further attacks such as remote command execution.
The vulnerability was responsibly disclosed by a security researcher credited as “rry.”
The issue impacts all versions of Apache Solr from 6.6 through 9.7.0 when deployed on Windows systems.
Mitigation and Fixes
Apache has released version 9.8.0, which addresses this vulnerability by implementing stricter input validation for the configset upload API and preventing directory traversal attacks.
Users who are unable to upgrade can safely prevent this issue by utilizing Solr’s “Rule-Based Authentication Plugin” to limit access to the configset upload API to a trusted group of administrators/users.
The “Zip Slip” vulnerability is not unique to Apache Solr and has been a recurring issue across multiple software ecosystems, particularly in Java applications where ZIP file handling is common.
Without proper validation of extracted file paths, attackers can exploit this flaw to achieve directory traversal and arbitrary file writes.
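The path validation described above can be sketched as a check that runs before any entry is extracted. This is an added example, not code from Apache Solr or the advisory; it evaluates ZIP entry names under Windows path rules (Python's ntpath) because the affected instances run on Windows. The extraction root C:\solr\configsets\upload, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import ntpath
import posixpath
import zipfile

# Hypothetical extraction root, for illustration only (not a path from the advisory).
DEST_ROOT = r"C:\solr\configsets\upload"


def escapes_root(entry_name, root=DEST_ROOT, pathmod=ntpath):
    """True if entry_name would resolve outside root under pathmod's path rules."""
    # Drive letters and UNC prefixes are rejected outright.
    if ntpath.splitdrive(entry_name)[0]:
        return True
    base = pathmod.normcase(pathmod.normpath(root))
    # Join and normalise so "..", "/" and (under ntpath) "\" are all resolved.
    target = pathmod.normcase(pathmod.normpath(pathmod.join(base, entry_name)))
    return not (target == base or target.startswith(base + pathmod.sep))


def audit_configset_zip(zip_bytes, root=DEST_ROOT):
    """Return the entry names that must not be extracted on a Windows host."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist() if escapes_root(i.filename, root)]


def build_sample_zip():
    """Constructed sample: two ordinary configset files and three unsafe names."""
    names = [
        "conf/solrconfig.xml",
        "conf/lang/stopwords_en.txt",
        "..\\..\\outside.txt",       # backslash traversal
        "conf/../../outside2.txt",   # forward-slash traversal
        "C:\\Temp\\abs.txt",         # drive-qualified name
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_configset_zip(build_sample_zip()):
        print("reject:", name)
    # The same backslash name passes a check that only knows POSIX separators.
    print(escapes_root("..\\..\\outside.txt", root="/srv/upload", pathmod=posixpath))
```

Entry names have to be judged with the path rules of the host that will extract the archive: the final line prints False because POSIX rules treat the backslash name as one ordinary filename, while the ntpath check rejects it.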
Apache Solr remains a critical tool for many organizations, and addressing security vulnerabilities like CVE-2024-52012 promptly is vital for maintaining trust in its ecosystem.