6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search
.
bouk.co/blog/elasticsearch-rce/
bouk.co/blog/elasticsearch-rce/
www.exploit-db.com/exploits/33370
www.exploit-db.com/exploits/33370
www.osvdb.org/106949
www.osvdb.org/106949
www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
www.securityfocus.com/bid/67731
www.securityfocus.com/bid/67731
access.redhat.com/security/updates/classification/#important
rhn.redhat.com/errata/RHSA-2014-1186.html
www.elastic.co/blog/logstash-1-4-3-released
www.elastic.co/blog/logstash-1-4-3-released
www.elastic.co/community/security/
www.elastic.co/community/security/
www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch
www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch