Executive Summary

Informations
Name CVE-2014-3120 First vendor Publication 2014-07-28
Vendor Cve Last vendor Modification 2016-12-06

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-284 Access Control (Authorization) Issues

ExploitDB Exploits

id Description
2014-05-15 ElasticSearch Remote Code Execution

Snort® IPS/IDS

Date Description
2017-11-30 ElasticSearch script remote code execution attempt
RuleID : 44690 - Revision : 3 - Type : SERVER-OTHER
2016-03-14 ElasticSearch information disclosure attempt
RuleID : 36256 - Revision : 4 - Type : SERVER-OTHER
2015-04-14 ElasticSearch script remote code execution attempt
RuleID : 33830 - Revision : 5 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-06-26 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_43ac9d421b9a11e5b43d002590263bf5.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-1186.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote web server hosts a Java application that is affected by a remote c...
File : elasticsearch_rce.nasl - Type : ACT_ATTACK

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/67731
CONFIRM https://www.elastic.co/blog/logstash-1-4-3-released
https://www.elastic.co/community/security/
EXPLOIT-DB http://www.exploit-db.com/exploits/33370
MISC http://bouk.co/blog/elasticsearch-rce/
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-de...
OSVDB http://www.osvdb.org/106949

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Date Informations
2021-04-22 01:37:41
  • Multiple Updates
2020-05-23 13:17:05
  • Multiple Updates
2020-05-23 01:51:51
  • Multiple Updates
2020-05-23 00:40:45
  • Multiple Updates
2016-12-06 21:24:39
  • Multiple Updates
2016-06-28 22:42:28
  • Multiple Updates
2016-03-07 00:23:38
  • Multiple Updates
2016-03-06 21:22:01
  • Multiple Updates
2015-06-27 13:28:47
  • Multiple Updates
2015-06-25 21:26:21
  • Multiple Updates
2015-06-18 09:26:35
  • Multiple Updates
2015-04-14 21:26:03
  • Multiple Updates
2014-09-13 13:43:05
  • Multiple Updates
2014-07-29 21:23:26
  • Multiple Updates
2014-07-29 00:22:02
  • First insertion