ElasticSearch v1.1.1/1.2 RCE Vulnerability CVE-2014-3120 Scanner

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimated Time (Seconds): 15

ElasticSearch v1.1.1/1.2 RCE Vulnerability CVE-2014-3120 Scanner Detail

ElasticSearch v1.1.1/1.2 is affected by a remote code execution vulnerability.

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

Some Advice for Common Problems

You need to update your app.
