
List:       oss-security
Subject:    [oss-security] CVE-2014-3120 ElasticSearch
From:       Henri Salo <henri () nerv ! fi>
Date:       2014-07-30 7:09:11
Message-ID: 20140730070911.GA9168 () kludge ! henri ! nerv ! fi


Heads up if you are using ElasticSearch. There have been several cases where
ElasticSearch has been used in server compromise. This is the vulnerability that
they are using. I have also seen this hitting honeypots.

ElasticSearch contains a flaw that is triggered as input passed via the 'source'
parameter to /_search is not properly sanitized. This allows a remote attacker
to manipulate files and execute arbitrary commands.

OSVDB: http://osvdb.org/106949
Good article:
http://bouk.co/blog/elasticsearch-rce/#how_to_secure_against_this_vulnerability

---
Henri Salo

["signature.asc" (application/pgp-signature)]
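The issue described in the message is that vulnerable 1.x releases accepted dynamic scripts inside search requests, including a request body passed in the 'source' query parameter of a GET to /_search, so a scripted request is what shows up in access logs when this is being exploited. The following is an added detection example written for this note; it is not code from the original post, from the linked article, or from the Elasticsearch project. It scans access-log lines (constructed here, not from a real server) for requests to a /_search path whose 'source' parameter parses as JSON and carries a 'script' key, and reports the client and the script text. The log format, the field names and the sample payloads are assumptions for the example.

```python
"""Flag /_search requests whose 'source' parameter carries a script (CVE-2014-3120 era)."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in a common-log-like layout; not real traffic.
# The second line carries a script in 'source' (assumed shape of an exploit
# attempt); the others are ordinary searches and should not be flagged.
SAMPLE_LOG = r"""
10.0.0.5 - - [30/Jul/2014:06:58:01 +0000] "GET /_search?source=%7B%22query%22%3A%7B%22match_all%22%3A%7B%7D%7D%7D HTTP/1.1" 200 512
198.51.100.7 - - [30/Jul/2014:07:01:44 +0000] "GET /_search?source=%7B%22size%22%3A1%2C%22query%22%3A%7B%22match_all%22%3A%7B%7D%7D%2C%22script_fields%22%3A%7B%22x%22%3A%7B%22script%22%3A%22import+java.io.*%3BRuntime.getRuntime().exec(%5C%22id%5C%22)%22%7D%7D%7D HTTP/1.1" 200 1024
10.0.0.6 - - [30/Jul/2014:07:02:10 +0000] "GET /logs/_search?q=status:500 HTTP/1.1" 200 2048
203.0.113.9 - - [30/Jul/2014:07:03:33 +0000] "POST /_search HTTP/1.1" 200 300
"""

# Client, timestamp, method and request target of one access-log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/'
)
# Matches /_search and index-scoped variants such as /logs/_search.
SEARCH_PATH_RE = re.compile(r"(^|/)_search$")


def find_scripts(node):
    """Yield every string stored under a 'script' key anywhere in a parsed JSON body."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "script" and isinstance(value, str):
                yield value
            else:
                yield from find_scripts(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_scripts(item)


def scripted_source_requests(log_text):
    """Return one finding per script found in the 'source' parameter of a /_search request."""
    findings = []
    for line in log_text.strip().splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not SEARCH_PATH_RE.search(parts.path):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for raw in parse_qs(parts.query).get("source", []):
            try:
                body = json.loads(raw)
            except ValueError:
                # Not JSON: Elasticsearch would reject it too, so nothing to report.
                continue
            for script in find_scripts(body):
                findings.append(
                    {"client": match.group("client"), "ts": match.group("ts"), "script": script}
                )
    return findings


if __name__ == "__main__":
    for finding in scripted_source_requests(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['client']} script in source: {finding['script']}")
```

Any hit is a good reason to check the host, since a legitimate client rarely ships a script through the GET 'source' parameter. On the affected 1.x releases the mitigation the linked article points to is setting script.disable_dynamic: true in elasticsearch.yml (1.2.0 made that the default); keeping the HTTP port off the public internet is the other half.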
