Environment
- EDR Server/Cluster: All supported versions
Objective
Resolution
- Stop the cluster/server
- Navigate to /etc/cb/solr/core_conf/cbalerts on the master (and on minion nodes in the case of a cluster)
- Edit the solrconfig.xml.template file, locate the first "requestHandler" entry, and insert the following above it:
<requestHandler name="/sql" class="solr.NotFoundRequestHandler"/>
- Repeat step 3 for the solrconfig.xml.template files in the following additional locations (on master and minion nodes; 6 files/locations are updated on each node):
/etc/cb/solr/core_conf/cbfeeds/conf/solrconfig.xml.template
/etc/cb/solr/core_conf/cbmodules/conf/solrconfig.xml.template
/etc/cb/solr/core_conf/configsets/cbevents_v2/conf/solrconfig.xml.template
/etc/cb/solr/core_conf/configsets/cbevents_v1/conf/solrconfig.xml.template
/etc/cb/solr/core_conf/configsets/cbevents_v0/conf/solrconfig.xml.template
- Start the server/cluster
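The edit from the steps above as an added example script (not part of the original article and not vendor tooling): it inserts the handler above the first requestHandler in each solrconfig.xml.template passed as an argument, leaves files that already have it unchanged, and refuses any other file name. The function names and the .bak backup suffix are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not vendor code). Run while the server/cluster is stopped.
HANDLER='<requestHandler name="/sql" class="solr.NotFoundRequestHandler"/>'

# Succeeds only if the override appears before any other requestHandler.
has_override() {
    awk -v h="$HANDLER" '
        index($0, h)      { found = 1; exit }
        /<requestHandler/ { exit }
        END               { exit(found ? 0 : 1) }
    ' "$1"
}

# Insert the override above the first requestHandler; no-op if already there.
apply_override() {
    local f="$1" tmp
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    # Guard against editing solr.xml.template by mistake.
    [ "$(basename "$f")" = "solrconfig.xml.template" ] ||
        { echo "refusing to edit: $f" >&2; return 2; }
    has_override "$f" && return 0
    if grep -qF "$HANDLER" "$f"; then
        echo "override is not above the first requestHandler: $f" >&2; return 2
    fi
    grep -q '<requestHandler' "$f" ||
        { echo "no requestHandler entry: $f" >&2; return 2; }
    cp -p "$f" "$f.bak" || return 2      # backup suffix is an assumption
    tmp=$(mktemp) || return 2
    awk -v h="$HANDLER" '
        !ins && /<requestHandler/ {
            match($0, /^[ \t]*/)         # reuse the indentation of that line
            print substr($0, 1, RLENGTH) h
            ins = 1
        }
        { print }
    ' "$f" > "$tmp" && cat "$tmp" > "$f" # cat keeps owner and mode of $f
    rm -f "$tmp"
    has_override "$f"
}

# Usage: pass each solrconfig.xml.template path as an argument.
rc=0
for f in "$@"; do
    if apply_override "$f"; then echo "ok: $f"; else echo "FAILED: $f" >&2; rc=1; fi
done
[ "$#" -eq 0 ] || exit "$rc"
```

Run it once per node with all six template paths; a second run prints "ok" for each file without changing it.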
Additional Notes
- By default, our installers configure Solr in "standard mode", which is not impacted by CVE-2022-39135.
- DO NOT edit the solr.xml.template file in the root Solr location, i.e. /etc/cb/solr. Add the line only to the solrconfig.xml.template files in the individual folders. Note that these are two different file names: solr.xml.template vs solrconfig.xml.template. Only solrconfig.xml.template should be updated.
- By default, Solr only forwards requests to /sql handlers if it is in "CloudMode", and our installers do not configure Solr in cloud mode. Otherwise, the following message is presented regardless of the remediation steps (and CVE-2022-39135 cannot be exploited):
"EXCEPTION":"/sql handler only works in Solr Cloud mode",