码迷,mamicode.com
首页 > 其他好文 > 详细

ElasticSearch Remote Code Execution (CVE-2014-3120)

时间:2014-05-25 16:40:56      阅读:349      评论:0      收藏:0      [点我收藏+]

标签:blog   c   code   tar   http   a   

Elasticsearch is a powerful open source search and analytics engine. The vulnerability allows attackers read from or append to files on the system hosting ElasticSearch database, could lead to sensitive information disclosure or further attack. Not sured if your ES is vulnerable?

 

在线检测地址:http://tool.scanv.com/es.html

 

漏洞修复方案:在配置文件elasticsearch.yml里设置script.disable_dynamic: true

详见:http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-scripting.html#_disabling_dynamic_scripts

 

bubuko.com,布布扣

ElasticSearch Remote Code Execution (CVE-2014-3120),布布扣,bubuko.com

ElasticSearch Remote Code Execution (CVE-2014-3120)

标签:blog   c   code   tar   http   a   

原文地址:http://www.cnblogs.com/security4399/p/3750697.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!