Vulnerability CVE-2014-3120

Vulnerability CVE-2014-3120

Published: 2014-07-28 Modified: 2014-07-29

Description:

	Topic	Author	Date
High	Elastic Search 1.1.1 Arbitrary File Read	Bouke van der Bi...	31.07.2014

Type:

(Information Exposure)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Affected software
Elasticsearch -> Elasticsearch

http://bouk.co/blog/elasticsearch-rce/

http://www.exploit-db.com/exploits/33370

http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce

http://www.securityfocus.com/bid/67731

https://www.elastic.co/blog/logstash-1-4-3-released

https://www.elastic.co/community/security/

https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch