Watchbog malware installed using solr < 7.1 vulnerability & support of newer version of solr #57
Description
Hi,
A bot is using a solr vulnerability to install a malware on linux servers:
https://nvd.nist.gov/vuln/detail/CVE-2017-12629
In solr logs, you can see when the bot exploited this vulnerability:
sed -n -e '/-listener/,/INFO/ p' /var/solr/logs/solr.log*
This attack adds a file /var/solr/data/*/conf/configoverlay.json
Here are some resources for those having been affected:
https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798
https://github.com/blackrangersoftware/kill4watchbog/blob/master/kill4watchbog.sh
Please @apbassi89, @davidverholen, @steverobbins, @wigman, can you consider making your extension compatible with solr > 7.1?
Best Regards,
A.L.