Security for everyone

CVE-2019-17558 Scanner

Detects 'Remote Code Execution (RCE)' vulnerability in Apache Solr affects v. 5.0.0 to 8.3.1.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4



Apache Solr is an open-source search platform that is used for indexing and searching data. It is built on top of the Apache Lucene search library and allows developers to easily add search capabilities to their applications. Solr provides powerful features such as faceted search, hit highlighting, and distributed search capabilities. It is used by many companies and organizations to power search functionality on their websites, applications, and data repositories.

One of the vulnerabilities detected in Solr is CVE-2019-17558, which is a remote code execution vulnerability through the VelocityResponseWriter. This vulnerability allows an attacker to execute arbitrary code on the server by providing a malicious Velocity template. The template can be supplied through Velocity templates in a configuration set, or as a parameter. Although parameter-provided templates are disabled by default, they can be enabled by setting the `params.resource.loader.enabled` setting to true.

This vulnerability can lead to serious consequences if it is exploited by an attacker. By executing arbitrary code on the server, an attacker can gain complete control over the system and potentially steal sensitive data, install malware, or launch other attacks. This can have a severe impact on the user data and the reputation of an organization using Solr.

In conclusion, the CVE-2019-17558 vulnerability in Apache Solr is a serious issue that can lead to serious consequences when exploited. It is important for organizations to take the necessary precautions to protect their Solr instances and prevent attacks. By utilizing the pro features of the platform, organizations can easily and quickly learn about vulnerabilities in their digital assets and stay ahead of potential threats.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture