CVE-2014-3120 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2014-3120?

CVE-2014-3120 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3120?

Check the references section above for vendor advisories and patch information. Affected products include: Elastic Elasticsearch.

Vulnerability Description

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Elastic	Elasticsearch	< 1.2.0

Related Weaknesses (CWE)

CWE-284

References

http://bouk.co/blog/elasticsearch-rce/Exploit
http://www.exploit-db.com/exploits/33370Exploit
http://www.osvdb.org/106949Broken Link
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rceExploitThird Party Advisory
http://www.securityfocus.com/bid/67731Exploit
https://www.elastic.co/blog/logstash-1-4-3-releasedVendor Advisory
https://www.elastic.co/community/security/Vendor Advisory
https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-develExploit
http://bouk.co/blog/elasticsearch-rce/Exploit
http://www.exploit-db.com/exploits/33370Exploit
http://www.osvdb.org/106949Broken Link
http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rceExploitThird Party Advisory
http://www.securityfocus.com/bid/67731Exploit
https://www.elastic.co/blog/logstash-1-4-3-releasedVendor Advisory
https://www.elastic.co/community/security/Vendor Advisory

FAQ

What is CVE-2014-3120?

CVE-2014-3120 is a vulnerability with a CVSS score of 8.1 (HIGH). The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. ...

How severe is CVE-2014-3120?

CVE-2014-3120 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3120?

Check the references section above for vendor advisories and patch information. Affected products include: Elastic Elasticsearch.