Re: solr crypto mining hack...

2018-08-26 Thread Walter Underwood
This is exactly why I asked what Solr version they were running, to see if they had the vulnerability. We still have no idea about Solr, OS, or JVM versions.

wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)

> On Aug 26, 2018, at 5:25 AM, Shawn Heisey

Re: solr crypto mining hack...

2018-08-26 Thread Shawn Heisey
On 8/25/2018 9:21 PM, Erick Erickson wrote:
> This is probably CVE-2017-12629, see SOLR-11482, SOLR-11477 for specific versions that have been patched and upgrade. You also need to, as Jan suggested, figure out a way to be absolutely sure that your installation is cleaned before you can be sure

Re: solr crypto mining hack...

2018-08-25 Thread Erick Erickson
This is probably CVE-2017-12629, see SOLR-11482, SOLR-11477 for specific versions that have been patched and upgrade. You also need to, as Jan suggested, figure out a way to be absolutely sure that your installation is cleaned before you can be sure that you're protected. Also see:

Re: solr crypto mining hack...

2018-08-25 Thread Tim Casey
I am not sure how solr is exactly set up currently, much less on any specific system. But, for operations which are largely reading, *maybe* like a query, you might be able to run on a read only partition. A firewall is a lot less work and a good start, like 90% of the problem. To do this, you

Re: solr crypto mining hack...

2018-08-25 Thread Shawn Heisey
On 8/25/2018 12:59 PM, humanitarian wrote:
> I am struggling to fight an attack where the solr user is being used to create files used for mining cryptocurrencies. The files are being created in the /var/tmp and /tmp folders. It will use 100% of the CPU. I am looking for help in stopping these

Re: solr crypto mining hack...

2018-08-25 Thread Walter Underwood
What version of Solr are you running? On what OS? With what version of Java?

wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)

> On Aug 25, 2018, at 11:59 AM, humanitarian wrote:
>
> Hi All,
>
> I am struggling to fight an attack where the solr user is

solr crypto mining hack...

2018-08-25 Thread humanitarian
Hi All, I am struggling to fight an attack where the solr user is being used to create files used for mining cryptocurrencies. The files are being created in the /var/tmp and /tmp folders. It will use 100% of the CPU. I am looking for help in stopping these attacks. All files are created under