Yup; I reported that issue ;-) One of the easiest things you can do is simply disable "remote streaming" in solrconfig.xml, assuming you aren't using it. There is already a warning in the config about its inherent security risk.
It's unfortunate there isn't a parameter filter & cleanser for Solr; at least not one that I know of. Even putting aside the bug I reported, it's fairly easy to do a denial-of-service attack against Solr by:
* faceting on all fields
* sorting on all fields (that are sortable)
* using function queries on all fields you can do function queries on
Those actions will trigger an explosion of RAM usage. Next to pack a punch to the CPU:
* Return a massive result set (rows=1000000)
* Return all fields
* highlight on all of them
* Do fuzzy queries with a low threshold: solr~0.01
* Enable debugQuery=on
* etc. Basically, use every Solr component you can think of.
Most of these problems could be reduced a lot by a simple parameter name whitelist and even some basic parameter value validation. I think this would make a great Solr component; I've had it on the back of my mind for a while.
~ David Smiley
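The parameter-name whitelist and basic value validation the post suggests can be sketched as a small filter that sits between clients and Solr's select handler. The following is an added example, not David Smiley's code and not a Solr component; the field names, the parameter whitelist, and the limits (`MAX_ROWS`, `MAX_FACET_FIELDS`, `MIN_FUZZY_SIMILARITY`, and so on) are assumptions for an imagined schema. Anything not on the whitelist (`stream.url`, `debugQuery`, unknown fields, `fl=*`) is rejected, numeric parameters are clamped, and fuzzy terms with a very low similarity threshold are refused.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Assumed schema and limits for this example (constructed, not from the post).
ALLOWED_PARAMS = {"q", "fq", "start", "rows", "fl", "sort",
                  "facet", "facet.field", "hl", "hl.fl", "wt"}
ALLOWED_FIELDS = {"id", "title", "body", "author", "created"}
SORTABLE_FIELDS = {"id", "author", "created"}   # not the big text field
MAX_ROWS = 100
MAX_START = 10_000
MAX_FACET_FIELDS = 3
MAX_SORT_CLAUSES = 2
MAX_QUERY_LEN = 512
MIN_FUZZY_SIMILARITY = 0.7      # refuse term~0.01 style fuzzy queries
# Fractional similarity after a word character; phrase slop ("a b"~10) does not match.
FUZZY_RE = re.compile(r"\w~(0?\.\d+)")


class RejectedQuery(ValueError):
    """A parameter is not whitelisted or its value failed validation."""


def _fields(value, allowed, limit):
    """Comma-separated field list: every name must be known, count bounded."""
    names = [f.strip() for f in value.split(",") if f.strip()]
    if not names or len(names) > limit:
        raise RejectedQuery(f"field list empty or longer than {limit}: {value!r}")
    for name in names:
        if name not in allowed:           # also rejects "*" (return all fields)
            raise RejectedQuery(f"field not allowed: {name}")
    return ",".join(names)


def _int(value, lo, hi):
    """Integer parameter, clamped into [lo, hi] instead of rejected."""
    try:
        n = int(value)
    except ValueError:
        raise RejectedQuery(f"not an integer: {value!r}") from None
    return max(lo, min(n, hi))


def _query(value):
    """Bound query length and refuse very permissive fuzzy terms."""
    if len(value) > MAX_QUERY_LEN:
        raise RejectedQuery("query too long")
    for m in FUZZY_RE.finditer(value):
        if float(m.group(1)) < MIN_FUZZY_SIMILARITY:
            raise RejectedQuery(f"fuzzy similarity too low: {m.group(0)}")
    return value


def _sort(value):
    """'field dir[,field dir]' with only sortable fields and a bounded clause count."""
    clauses = []
    for clause in value.split(","):
        parts = clause.split()
        if (len(parts) != 2 or parts[0] not in SORTABLE_FIELDS
                or parts[1] not in ("asc", "desc")):
            raise RejectedQuery(f"bad sort clause: {clause!r}")
        clauses.append(" ".join(parts))
    if len(clauses) > MAX_SORT_CLAUSES:
        raise RejectedQuery("too many sort clauses")
    return ",".join(clauses)


def validate_params(query_string):
    """Return the cleaned (name, value) pairs, or raise RejectedQuery."""
    out = []
    facet_fields = 0
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if name not in ALLOWED_PARAMS:          # stream.url, debugQuery, qt, ...
            raise RejectedQuery(f"parameter not allowed: {name}")
        if name in ("q", "fq"):
            value = _query(value)
        elif name == "rows":
            value = str(_int(value, 0, MAX_ROWS))
        elif name == "start":
            value = str(_int(value, 0, MAX_START))
        elif name == "fl":
            value = _fields(value, ALLOWED_FIELDS, len(ALLOWED_FIELDS))
        elif name == "hl.fl":
            value = _fields(value, ALLOWED_FIELDS, 2)
        elif name == "facet.field":
            facet_fields += 1
            if facet_fields > MAX_FACET_FIELDS:
                raise RejectedQuery("too many facet fields")
            value = _fields(value, ALLOWED_FIELDS, 1)
        elif name == "sort":
            value = _sort(value)
        elif name in ("facet", "hl"):
            if value not in ("true", "false"):
                raise RejectedQuery(f"{name} must be true or false")
        elif name == "wt":
            if value not in ("json", "xml"):
                raise RejectedQuery(f"unsupported wt: {value}")
        out.append((name, value))
    return out


def filter_solr_params(query_string):
    """Validated query string ready to forward to /select."""
    return urlencode(validate_params(query_string))


if __name__ == "__main__":
    print(filter_solr_params("q=solr&rows=1000000&fl=id,title&sort=created desc"))
    for bad in ("q=solr&debugQuery=on", "q=solr~0.01", "q=solr&fl=*"):
        try:
            filter_solr_params(bad)
        except RejectedQuery as e:
            print("rejected:", bad, "->", e)
```

Clamping `rows` rather than rejecting it keeps well-behaved clients working, while every parameter that is not on the list fails closed; the limits should be tuned to the index's real fields and sizes.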