Lucene search
HistoryOct 10, 2014 - 1:55 a.m.
CVE-2014-6439
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.4%
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
elasticsearchelasticsearchRange≤1.3.3
Related
openvas
openvas
Elasticsearch Cross-site Scripting (XSS) Vulnerability - Linux
2016-06-28 00:00:00
Elasticsearch Cross-site Scripting (XSS) Vulnerability - Windows
2016-06-23 00:00:00
osv
osv
Cross-site scripting in Elasticsearch
2022-05-14 02:51:14
nessus
nessus
securityvulns
securityvulns
Elasticsearch vulnerability CVE-2014-6439
2014-10-05 00:00:00
elasticsearch weak CORS policy
2014-10-05 00:00:00
github
github
Cross-site scripting in Elasticsearch
2022-05-14 02:51:14
cve
cve
CVE-2014-6439
2014-10-10 01:55:11
freebsd
freebsd
prion
prion
Cross site scripting
2014-10-10 01:55:00
cvelist
cvelist
CVE-2014-6439
2014-10-10 01:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.4%
Related for NVD:CVE-2014-6439