First published: Mon Dec 09 2013
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-3120 to the following vulnerability:

Name: CVE-2014-3120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120
Assigned: 20140429
Reference: EXPLOIT-DB:33370
Reference: http://www.exploit-db.com/exploits/33370
Reference: http://bouk.co/blog/elasticsearch-rce/
Reference: http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
Reference: https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch
Reference: http://www.securityfocus.com/bid/67731
Reference: OSVDB:106949
Reference: http://www.osvdb.org/106949

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. As noted in <http://bouk.co/blog/elasticsearch-rce/>, adding "script.disable_dynamic: true" to elasticsearch.yml, and ensuring Elasticsearch only binds to localhost, can help mitigate this issue.
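As an added example (not part of the advisory, and not Elasticsearch's own code), the Python script below audits an elasticsearch.yml for the two mitigations the description names: `script.disable_dynamic: true` and a loopback-only bind address. The sample configs are constructed, the pre-1.2 defaults it assumes (dynamic scripting on when the key is absent, binding to all interfaces when no host is set) are labelled as assumptions, and the parser deliberately handles only flat `key: value` lines so it runs without PyYAML.

```python
# Added example, not from the advisory or from Elasticsearch: audit an
# elasticsearch.yml for the two CVE-2014-3120 mitigations named in the
# description (script.disable_dynamic: true, bind only to localhost).
# The sample configs below are constructed for illustration.

# Assumptions (labelled as such): on a pre-1.2 node an absent
# script.disable_dynamic means dynamic scripting is enabled, and an absent
# network.host / network.bind_host means the node listens on all interfaces.
DEFAULT_DISABLE_DYNAMIC = "false"
DEFAULT_BIND_HOST = "0.0.0.0"
LOOPBACK_VALUES = {"127.0.0.1", "localhost", "::1"}


def parse_flat_yaml(text):
    """Parse top-level 'key: value' lines into a dict of strings.

    Blank lines and '#' comments are skipped and surrounding quotes are
    stripped. Nested YAML blocks are not handled; elasticsearch.yml keys are
    normally written in dotted form, which this covers.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_settings(settings):
    """Return a list of findings; an empty list means both mitigations are present."""
    findings = []
    dynamic = settings.get("script.disable_dynamic", DEFAULT_DISABLE_DYNAMIC)
    if dynamic.lower() != "true":
        findings.append("dynamic scripting is enabled; add 'script.disable_dynamic: true'")
    # network.bind_host, when set, takes precedence over network.host for the
    # listening address.
    bind = (settings.get("network.bind_host")
            or settings.get("network.host")
            or DEFAULT_BIND_HOST)
    if bind not in LOOPBACK_VALUES:
        findings.append(f"node binds to {bind!r}; restrict it to localhost")
    return findings


def audit_config(text):
    """Convenience wrapper: parse raw elasticsearch.yml text and audit it."""
    return audit_settings(parse_flat_yaml(text))


# Constructed sample: a vulnerable-by-default config and its hardened counterpart.
WEAK_CONFIG = """\
cluster.name: demo
# script.disable_dynamic not set -> defaults to enabled on 1.x (assumption)
network.host: 0.0.0.0
"""

HARDENED_CONFIG = """\
cluster.name: demo
script.disable_dynamic: true
network.host: 127.0.0.1
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg) or ["ok"])
```

Run it against a real file with `audit_config(open("/etc/elasticsearch/elasticsearch.yml").read())`; the weak sample yields two findings and the hardened one none. Disabling dynamic scripting removes the MVEL execution path itself, while the loopback bind limits who can reach `_search` at all, so both are worth checking independently.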
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/katello-configure | <0:1.4.5.1-3.el6 | 0:1.4.5.1-3.el6 |
| Elasticsearch | <=1.1.1 | |
| redhat/elasticsearch | <1.2.0 | 1.2.0 |