New exploit code has led researchers to reclassify a security threat aimed at the Linux enterprise search tool Apache Solr to “high severity status.”

Affected hardware could be hit with remote code execution (RCE) attacks that take advantage of a default configuration vulnerability, according to a blog post from Tenable.

Solr — which was originally designed to help those visiting the popular tech news site CNET look up information — has been run for the past 13 years by open-source organization Apache Software Foundation, which has continued to enhance its capabilities for other organizations. The exploit code discovery follows initial reports of a bug this past July, which were not considered as serious.

How the Solr Vulnerability Became a Critical Risk

Researchers originally believed the security issue with Solr would only allow cybercriminals and other third parties to access monitoring data. Further investigation showed, however, that using proof-of-concept code could allow malware to be uploaded and run on a Solr server, based on a hole in the 8983 port.

Although Windows users are reportedly not affected, the bug could be a powerful tool for misuse by anyone with network access to a Solr server and Java Management Extensions.

The Solr team issued a warning late last week, following the publication of revised proof-of-concept exploit code on the popular repository GitHub. Part of the concern stems from the fact that Apache Solr uses large volumes of compute power, which may be of interest to cryptocurrency miners and other cybercriminals.

Reducing the Risk of RCE Attacks

The Solr advisory suggested that anyone worried about being hit by an attack based on the exploit code could avoid the risk by using the “False” parameter for ENABLE_REMOTE_JMX_OPTS in their file settings. The Solr team also suggested users ensure they are updated to version 8.3, though the Tenable post suggested many versions, including that one, were vulnerable to the bug.

Another way to stay safe from this and other RCE attacks is to invest in vulnerability management solutions or services that can identify, prioritize and remediate exploit code and other flaws in commonly used software applications.

More from

Is It Time to Start Hiding Your Work Emails?

In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a great deal of exposure regarding email visibility. It should come as no surprise that cyber criminals are always looking for ways to gain access to sensitive information. Unfortunately, emails are a particularly easy target as many businesses do not encrypt…

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…