From cbronline.com
“We should expect quite large-scale and aggressive exploitation in the wild pretty soon”
Apache Solr, an open source enterprise search platform whose users include some of the biggest names in business, among them Adobe, Bloomberg, eBay, Goldman Sachs, Instagram and Netflix, remains vulnerable to a zero-day weeks after proof-of-concept code became public, cybersecurity experts have warned.
The alert comes after two remote code execution (RCE) vulnerabilities emerged. One, CVE-2019-12409, has already been patched by the Apache Solr team, while the other – without a CVE number – seems to still be unpatched. (Admins are being urged to rapidly implement the patch to avoid attack.)