elasticsearch and logstash -- remote OS command execution via dynamic scripting

🗓️ 22 May 2014 00:00:00Reported by FreeBSDType

Insecure remote OS command execution via dynamic scripting in Elasticsearch and Logstas

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 34
exploitpack	ElasticSearch - Remote Code Execution	15 May 201400:00	–	exploitpack
CVE	CVE-2014-3120	28 Jul 201419:55	–	cve
CISA KEV Catalog	Elasticsearch Remote Code Execution Vulnerability	25 Mar 202200:00	–	cisa_kev
Tenable Nessus	RHEL 6 : katello-configure (RHSA-2014:1186)	12 Sep 201400:00	–	nessus
Tenable Nessus	Elasticsearch 'source' Parameter RCE	17 Jul 201400:00	–	nessus
Tenable Nessus	FreeBSD : elasticsearch and logstash -- remote OS command execution via dynamic scripting (43ac9d42-1b9a-11e5-b43d-002590263bf5)	26 Jun 201500:00	–	nessus
Metasploit	ElasticSearch Dynamic Script Arbitrary Java Execution	27 May 201423:01	–	metasploit
Check Point Advisories	ElasticSearch search Remote Code Execution (CVE-2014-3120)	25 May 201400:00	–	checkpoint_advisories
Prion	Default configuration	28 Jul 201419:55	–	prion
Packet Storm	Elastic Search 1.1.1 Arbitrary File Read	30 Jul 201400:00	–	packetstorm

OS	OS Version	Architecture	Package	Package Version	Filename
FreeBSD	any	noarch	elasticsearch	1.2.0	UNKNOWN
FreeBSD	any	noarch	logstash	1.4.3	UNKNOWN

Source	Link
elastic	www.elastic.co/community/security
found	www.found.no/foundation/elasticsearch-security/
exploit-db	www.exploit-db.com/exploits/33370/
elastic	www.elastic.co/blog/logstash-1-4-3-released
bouk	www.bouk.co/blog/elasticsearch-rce/
rapid7	www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
elastic	www.elastic.co/blog/elasticsearch-1-2-0-released

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 May 2014 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS26.8

CVSS38.1

EPSS0.79814