Lucene search
K

8 matches found

Nuclei
Nuclei
added 6 days ago63 views

ElasticSearch v1.1.1/1.2 RCE

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. Be aware this only violates the vendor's intended security policy if the user does not run...

8.1CVSS7.6AI score0.88559EPSS
Exploits17References5
VulnCheck KEV
VulnCheck KEV
added 2022/03/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-3120

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...

8.1CVSS7.5AI score0.88559EPSS
Exploits17References1
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.27 views

Elasticsearch Remote Code Execution Vulnerability

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...

8.1CVSS7.1AI score0.88559EPSS
In wildExploits17
Veracode
Veracode
added 2017/03/14 3:18 a.m.110 views

Remote Code Execution (RCE)

Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search...

8.1CVSS7AI score0.88559EPSS
Exploits17References18Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/09/12 12:0 a.m.37 views

RHEL 6 : katello-configure (RHSA-2014:1186)

An updated katello-configure package that fixes one security issue is now available for Red Hat Subscription Asset Manager. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1CVSS7.8AI score0.88559EPSS
Exploits17References3
RedHat Linux
RedHat Linux
added 2014/09/11 9:18 p.m.11 views

elasticsearch: remote code execution flaw via dynamic scripting

It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to search...

8.1CVSS6.2AI score0.88559EPSS
Exploits17References6
RedHat Linux
RedHat Linux
added 2014/09/10 5:43 a.m.12 views

elasticsearch: remote code execution flaw via dynamic scripting

It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to search...

8.1CVSS6.2AI score0.88559EPSS
Exploits17References6
Prion
Prion
added 2014/07/28 7:55 p.m.30 views

Default configuration

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...

6.8CVSS7.9AI score0.88559EPSS
Exploits17References8Affected Software1
Rows per page
Query Builder