CVE-2024-52012
Published: 27 January 2025
Summary
CVE-2024-52012 is a medium-severity Relative Path Traversal (CWE-23) vulnerability in Apache Solr. Its CVSS base score is 5.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires identifying, reporting, and correcting system flaws like the path traversal in Solr's configset upload API, directly enabling the recommended upgrade to version 9.8.0.
AC-6 enforces least privilege by restricting access to the vulnerable configset upload API to only trusted administrators, as recommended in the Apache advisory.
SI-10 mandates validation and sanitization of inputs like ZIP file paths to prevent relative path traversal attacks such as zipslip in the configset upload API.
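One way to apply the SI-10 check to a configset ZIP before it is uploaded, as an added example (not Solr's code and not the 9.8.0 fix). It assumes entry names should be judged by Windows path rules because the affected instances run on Windows; the function names and sample entry names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath


def unsafe_entries(zip_bytes):
    """Return (entry name, reason) for entries that would land outside the
    extraction root if the archive were unpacked on Windows."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # PureWindowsPath splits on both "/" and "\" and recognises
            # drive letters and UNC prefixes, whatever OS runs this audit.
            path = PureWindowsPath(info.filename)
            if path.drive or path.root:
                findings.append((info.filename, "absolute or drive-qualified path"))
                continue
            depth = 0  # directory levels below the extraction root
            for part in path.parts:
                depth += -1 if part == ".." else 1
                if depth < 0:
                    findings.append((info.filename, "climbs above extraction root"))
                    break
    return findings


def build_sample_zip(names):
    """Build an in-memory ZIP with the given entry names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


# Constructed entry names: two benign, three that leave the extraction root.
SAMPLE_NAMES = [
    "conf/solrconfig.xml",
    "conf/lang/../stopwords.txt",   # ".." that stays inside the root
    "..\\..\\outside.txt",          # backslash-separated climb
    "conf/../../outside.xml",       # climbs one level above the root
    "C:\\Temp\\outside.txt",        # drive-qualified path
]

if __name__ == "__main__":
    for name, reason in unsafe_entries(build_sample_zip(SAMPLE_NAMES)):
        print(f"REJECT {name!r}: {reason}")
```

A check like this belongs in a pre-upload gate or an audit of archived configsets; it complements, and does not replace, the upgrade and the access restriction on the upload API.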
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE enables exploitation of public-facing Solr upload API (T1190) for arbitrary file writes via malicious ZIP, directly facilitating ingress of attacker-controlled files/tools (T1105).
NVD Description
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.
Deeper analysis
CVE-2024-52012 is a Relative Path Traversal vulnerability, commonly known as a "zipslip", in the "configset upload" API of Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access due to a lack of input sanitization when processing ZIP files, which can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr versions from 6.6 through 9.7.0.
The vulnerability has a CVSS score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N), requiring low-privilege authenticated access over the network with no user interaction. An attacker with such privileges can upload a maliciously constructed ZIP file via the configset upload API, achieving arbitrary file writes outside the intended directory and resulting in low confidentiality and integrity impacts.
Apache advisories recommend upgrading to version 9.8.0, which fixes the issue. Users unable to upgrade may mitigate the vulnerability by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API to a trusted set of administrators or users. Further details are provided in the Apache mailing list thread at https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd and the oss-security announcement at http://www.openwall.com/lists/oss-security/2025/01/26/2.
Details
- CWE(s)