18 matches found
GHSA-MRFM-JXGF-2H6V Elasticsearch Improper Access Control vulnerability
The default configuration in Elasticsearch before 1.4.0.Beta1 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...
Elasticsearch Improper Access Control vulnerability
The default configuration in Elasticsearch before 1.4.0.Beta1 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...
VulnCheck KEV: CVE-2014-3120
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
Elasticsearch Remote Code Execution Vulnerability
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
Remote Code Execution (RCE)
Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search...
FreeBSD : elasticsearch and logstash -- remote OS command execution via dynamic scripting (43ac9d42-1b9a-11e5-b43d-002590263bf5)
Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerabl...
Immunity Canvas: ELASTICSEARCH_CVE_2015_1427
Name | elasticsearchCVE20151427
---|---
CVE | CVE-2015-1427
Exploit Pack | CANVAS
Description | elasticsearchCVE-2015-1427
Notes | CVE Name: CVE-2015-1427 VENDOR: elastic Notes: Elasticsearch versions 1.3.x before 1.3.8 and 1.4.x before 1.4.3 have dynamic scripting features enabled by default using...
RHEL 6 : katello-configure (RHSA-2014:1186)
An updated katello-configure package that fixes one security issue is now available for Red Hat Subscription Asset Manager. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: katello-configure security update
An updated katello-configure package that fixes one security issue is now available for Red Hat Subscription Asset Manager. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
elasticsearch: remote code execution flaw via dynamic scripting
It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to search...
elasticsearch: remote code execution flaw via dynamic scripting
It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to search...
elasticsearch: remote code execution flaw via dynamic scripting
It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to search...
CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...
Default configuration
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...
CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...
CVE-2014-3120
CVE-2014-3120: Elasticsearch’s default configuration prior to certain builds enables dynamic scripting, allowing remote attackers to execute arbitrary MVEL expressions and Java code via the _search source parameter. Public references indicate this enables remote code execution and constitutes a ...
PT-2014-5099
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 1.2. Description: The default configuration in Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to the search...
elasticsearch and logstash -- remote OS command execution via dynamic scripting
Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...