Free Solr Module for Magento 1 for greatly improved search results
GNU Lesser General Public License v3.0
Watchbog malware installed using solr < 7.1 vulnerability & support of newer version of solr #57
Open
owebia opened 5 years ago
Hi,
A bot is using a Solr vulnerability to install malware on Linux servers:
https://nvd.nist.gov/vuln/detail/CVE-2017-12629
In solr logs, you can see when the bot exploited this vulnerability:
This attack adds a file /var/solr/data/*/conf/configoverlay.json
Here are some resources for those who have been affected:
https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798
https://github.com/blackrangersoftware/kill4watchbog/blob/master/kill4watchbog.sh
Please @apbassi89, @davidverholen, @steverobbins, @wigman, can you consider making your extension compatible with solr > 7.1?
Best Regards, A.L.
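
A triage check for the `configoverlay.json` artifact mentioned in the report above, as an added example that is not part of the original issue or of the extension's code. It assumes the data root from the report (`/var/solr/data`) and flags any overlay object whose class is `RunExecutableListener`, the listener class named in the CVE-2017-12629 description; the sample overlay is constructed and its layout is an assumption.

```python
import glob
import json
import os

SUSPECT_CLASS = "RunExecutableListener"  # listener class tied to CVE-2017-12629

# Constructed sample overlay (not taken from an affected server); real layouts may differ.
SAMPLE_OVERLAY = """{"listener": [{"event": "postCommit", "name": "constructed-example",
  "class": "solr.RunExecutableListener", "exe": "/path/to/placeholder"}]}"""


def find_listeners(node, path=""):
    """Yield (json_path, obj) for every object whose "class" names the suspect listener."""
    if isinstance(node, dict):
        cls = node.get("class")
        if isinstance(cls, str) and SUSPECT_CLASS in cls:
            yield (path or "/"), node
        for key, value in node.items():
            yield from find_listeners(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_listeners(value, f"{path}/{index}")


def scan(data_root="/var/solr/data"):
    """Check <data_root>/*/conf/configoverlay.json and return one finding per file or hit."""
    findings = []
    pattern = os.path.join(data_root, "*", "conf", "configoverlay.json")
    for overlay in sorted(glob.glob(pattern)):
        try:
            with open(overlay, encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError) as exc:
            findings.append({"file": overlay, "status": "unreadable", "detail": str(exc)})
            continue
        hits = list(find_listeners(doc))
        for json_path, obj in hits:
            findings.append({"file": overlay, "status": "suspicious",
                             "detail": f"{json_path} exe={obj.get('exe')!r}"})
        if not hits:
            # An overlay can also come from legitimate Config API use: review, not proof.
            findings.append({"file": overlay, "status": "review", "detail": "overlay present"})
    return findings


if __name__ == "__main__":
    for finding in scan():
        print(finding["status"], finding["file"], finding["detail"], sep="\t")
```

A `review` result only means an overlay exists for that core; compare it against configuration changes you made yourself before treating it as an indicator.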