blue-team-tools/rules/web/web_apache_solr_lfi_exploit.yml
2022-12-11 10:53:38 -05:00


title: Potential Apache Solr Local File Read Exploit
id: 0bbcd74b-0596-41a4-94a0-4e88a76ffdb3
status: experimental
description: |
    All Apache Solr versions <= 8.8.1 are impacted by an arbitrary file read and server-side request forgery (SSRF) vulnerability.
    Unauthenticated attackers could turn on requestDispatcher.requestParsers.enableRemoteStreaming via the Config API.
    Once configured, remote attackers can thereby read local files on the vulnerable devices through ContentStream.
references:
    - https://twitter.com/Al1ex4/status/1382981479727128580
    - https://twitter.com/sec715/status/1373472323538362371
    - https://nsfocusglobal.com/apache-solr-arbitrary-file-read-and-ssrf-vulnerability-threat-alert/
    - https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247484117&idx=1&sn=2fdab8cbe4b873f8dd8abb35d935d186
author: '@gott_cyber'
date: 2022/12/11
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    category: webserver
detection:
    selection_request:
        c-uri|contains|all:
            - '/solr/'
            - '/debug/dump?'
            - 'param=ContentStream'
        sc-status: '200'
    condition: selection_request
falsepositives:
    - Unknown
level: medium
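
The rule's selection logic evaluated over constructed access-log lines, as an added example (not part of the rule or of this repository). It assumes combined-format web server logs; the addresses, the core name `core1` and the function names are made up for illustration.

```python
import re

# Values copied from the rule: c-uri|contains|all and sc-status.
URI_PARTS = ("/solr/", "/debug/dump?", "param=ContentStream")
STATUS = "200"

# Assumed log layout: common/combined access-log format.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Map one access-log line to webserver field names, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"c-ip": m["client"], "cs-method": m["method"],
            "c-uri": m["uri"], "sc-status": m["status"]}

def matches(event):
    """selection_request: every URI substring present AND status is 200."""
    uri = event["c-uri"].lower()  # Sigma string matching is case-insensitive
    return (all(part.lower() in uri for part in URI_PARTS)
            and event["sc-status"] == STATUS)

def scan(lines):
    """Return the parsed events that satisfy the rule condition."""
    events = (parse(line) for line in lines)
    return [e for e in events if e is not None and matches(e)]

# Constructed sample lines (documentation address ranges, hypothetical core).
TS = "[11/Dec/2022:10:00:01 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "POST /solr/core1/debug/dump?param=ContentStream HTTP/1.1" 200 512',
    f'192.0.2.10 - - {TS} "POST /solr/core1/debug/dump?param=ContentStream HTTP/1.1" 404 120',
    f'198.51.100.7 - - {TS} "GET /solr/core1/select?q=*:* HTTP/1.1" 200 2048',
    f'192.0.2.11 - - {TS} "GET /solr/core1/debug/dump?param=contentstream HTTP/1.1" 200 300',
    f'203.0.113.5 - - {TS} "GET /debug/dump?param=ContentStream HTTP/1.1" 200 90',
    "truncated or malformed line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit["c-ip"], hit["cs-method"], hit["c-uri"], hit["sc-status"])
```

Only the first and fourth lines alert: the 404 response, the unrelated query and the request outside `/solr/` each fail one part of the selection, and the malformed line is skipped.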