Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers [helpnetsecurity]

Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers.

Apache Solr servers under attack

SANS ISC handler Renato Marinho warns about an active campaign aimed at compromising Apache Solr servers. The campaign infected 1777 victims from February 28 to March 8. Of those, 1416 are Solr servers.

The attackers are exploiting CVE-2017-12629 to gain access to the vulnerable servers and deliver Monero-mining malware. The flaw dates back to October 12, 2017, and the first public exploit for it to October 17.

The source of the flaw is an incorrectly configured XML parser in the “queryparser” library, Marinho noted, and warned: “As we are dealing with a library flaw, it’s worth mentioning that it may affect other software which depends on ‘queryparser,’ like: IBM InfoSphere version 11.5; JBoss Data Grid versions 7.0.0, 7.1.0; JBoss Enterprise Application Platform (EAP) versions 6, 7, 7.0.8; JBoss Enterprise Portal Platform version 6, among others.”
