Watchbog malware installed using solr < 7.1 vulnerability & support of newer version of solr

[owebia]

Hi,

A bot is using a solr vulnerability to install a malware on linux servers:
https://nvd.nist.gov/vuln/detail/CVE-2017-12629

In solr logs, you can see when the bot exploited this vulnerability:

sed -n -e '/-listener/,/INFO/ p' /var/solr/logs/solr.log*

This attack adds a file /var/solr/data/*/conf/configoverlay.json

Here are some resources for those having been affected: https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798 https://github.com/blackrangersoftware/kill4watchbog/blob/master/kill4watchbog.sh

Please @apbassi89, @davidverholen, @steverobbins, @wigman, can you consider making your extension compatible with solr > 7.1?

Best Regards, A.L.