Enhancement: cves/2019/CVE-2019-0193.yaml by mp

cves/2019/CVE-2019-0193.yaml

@@ -1,15 +1,16 @@
 id: CVE-2019-0193
 
 info:
-  name: Apache Solr - DataImportHandler RCE
+  name: Apache Solr DataImportHandler <8.2.0 - Remote Code Execution
   author: pdteam
   severity: high
-  description: In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
+  description: Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
+  remediation: Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
     - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
     - https://paper.seebug.org/1009/
     - https://issues.apache.org/jira/browse/SOLR-13669
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.2
@@ -51,3 +52,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/06/15