About the Vulnerability

Introduction

Solr is a popular, extremely fast open-source enterprise search platform built on Apache Lucene™. Solr is widely used for enterprise search, website search, and other large-scale data search applications, featuring high scalability, distributed searching, and real-time indexing.

Summary

On October 30, 2024, Sangfor FarSight Labs received notification of an Authentication Bypass Vulnerability (CVE-2024-45216) in Apache Solr, classified as critical in threat level.

Attackers can forge malicious requests to exploit the PKIAuthenticationPlugin, resulting in an authorization bypass that allows unauthenticated invocation of protected endpoints. Unauthorized attackers can leverage this vulnerability to bypass authentication, which in severe cases could lead to server compromise.

Affected Versions

5.3.0 ≤ Apache Solr < 8.11.4

9.0.0 ≤ Apache Solr < 9.7.0

Vulnerability Reproduction

Sangfor FarSight Labs has reproduced this vulnerability.

[Figure CVE-2024-45216-1: reproduction screenshot]

Solutions

Remediation Solutions

Check the System Version

You can check the version of Solr on the Web Service Management Console.

[Figure CVE-2024-45216-2: version check on the Web Service Management Console]

Official Solution

Secure versions:

Apache Solr 8.11.4

Apache Solr 9.7.0

Solution:

The official secure versions have been released. Affected users are advised to update Solr to 8.11.4 or 9.7.0, or a later version.

Download link: https://solr.apache.org/downloads.html
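The two remediation steps above (determine the installed version, then compare it against the affected ranges) can be scripted so that a fleet of Solr instances can be triaged in bulk. The following is an added example written for this page, not code from Sangfor or the Apache Solr project. It encodes the affected ranges exactly as stated in this advisory (5.3.0 ≤ v < 8.11.4 and 9.0.0 ≤ v < 9.7.0), and assumes the version string has already been fetched, for example from the Solr admin console or from the JSON returned by Solr's `/solr/admin/info/system` handler, whose `lucene.solr-spec-version` field is used here as an assumed field name; the JSON sample in the block is constructed for the demonstration.

```python
import json
import re

# Affected ranges as stated in the advisory: lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [
    ((5, 3, 0), (8, 11, 4)),   # 5.3.0 <= v < 8.11.4
    ((9, 0, 0), (9, 7, 0)),    # 9.0.0 <= v < 9.7.0
]

# Fixed releases named in the advisory, keyed by the major version line they serve.
FIXED_FOR_LINE = {"8.x and earlier": "8.11.4", "9.x": "9.7.0"}


def parse_version(text):
    """Return (major, minor, patch) from a Solr version string.

    Accepts forms such as "9.6.1", "8.11", or "9.7.0-SNAPSHOT"; the numeric
    prefix decides, a missing patch component is treated as 0, and anything
    without a leading dotted number is rejected.
    """
    match = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised Solr version string: {text!r}")
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))


def is_affected(version_text):
    """True if the version falls inside one of the advisory's affected ranges."""
    version = parse_version(version_text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def recommended_upgrade(version_text):
    """Return the fixed release the advisory names for this version line, or None if not affected."""
    if not is_affected(version_text):
        return None
    major = parse_version(version_text)[0]
    return FIXED_FOR_LINE["9.x"] if major >= 9 else FIXED_FOR_LINE["8.x and earlier"]


def version_from_system_info(json_text):
    """Extract the Solr spec version from system-info JSON.

    Assumption: the handler reports the running version under
    {"lucene": {"solr-spec-version": "..."}}; adjust the key path if your
    deployment reports it differently.
    """
    info = json.loads(json_text)
    return info["lucene"]["solr-spec-version"]


def triage(hosts):
    """Map each host name to a (version, affected, upgrade_target) triple."""
    return {
        host: (ver, is_affected(ver), recommended_upgrade(ver))
        for host, ver in hosts.items()
    }


# Constructed sample: what a system-info response and a small inventory might look like.
SAMPLE_SYSTEM_INFO = '{"lucene": {"solr-spec-version": "9.6.1", "lucene-spec-version": "9.10.0"}}'
SAMPLE_INVENTORY = {
    "search-01": version_from_system_info(SAMPLE_SYSTEM_INFO),
    "search-02": "8.11.3",
    "search-03": "8.11.4",
    "legacy-01": "5.2.1",
}

if __name__ == "__main__":
    for host, (ver, affected, target) in triage(SAMPLE_INVENTORY).items():
        status = f"AFFECTED -> upgrade to {target}" if affected else "not affected"
        print(f"{host:10} {ver:12} {status}")
```

Versions below 5.3.0 and versions at or above the fixed releases are reported as not affected, matching the ranges in the advisory; a build string with a suffix such as `-SNAPSHOT` is judged by its numeric prefix, so treat such results as a prompt to confirm the actual build rather than as a final verdict.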

Sangfor Solutions

Risky Assets Detection

Support is provided for proactive detection of Apache Solr, with the ability to identify affected assets for this event in batch across business scenarios. Related products are as follows:

[Sangfor CWPP] has released an asset detection scheme, with Fingerprint ID: 0006966.

[Sangfor Host Security] has released an asset detection scheme, with Fingerprint ID: 0006966.

Vulnerability Proactive Detection

Support is provided for proactive detection of the Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216), with the ability to quickly identify in batch whether business scenarios are exposed to this vulnerability. Related products are as follows:

[Sangfor Host Security] is expected to release a detection scheme on November 3, 2024, with Rule ID: SF-2024-01242.

[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on November 4, 2024, with Rule ID: SF-2024-01243.

[Sangfor Omni-Command] is expected to release a detection scheme on November 3, 2024(requiring Host Security component capabilities), with Rule ID: SF-2024-01242.

Vulnerability Security Detection

Support is provided for monitoring the Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216), with the ability to monitor affected assets in business scenarios in real time based on traffic collection and to quickly determine the scope of impact. Related products and services are as follows:

[Sangfor Cyber Command] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027773.

[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme on November 8, 2024 (requiring Cyber Command component capabilities), with Rule ID: 11027773.

[Sangfor Omni-Command] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027773.

Safety Protection

Support is provided for defense against the Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216), with the ability to block attackers' intrusion attempts targeting this event. Related products and services are as follows:

[Sangfor Network Secure] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027773.

[Sangfor WAF] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027773.

[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme on November 8, 2024 (requiring AF component capabilities), with Rule ID: 11027773.

[Sangfor Omni-Command] is expected to release a monitoring scheme on November 8, 2024 (requiring AF component capabilities), with Rule ID: 11027773.

Timeline

On October 30, 2024, Sangfor FarSight Labs received notification of the Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216).

On October 30, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending

https://seclists.org/oss-sec/2024/q4/31
