Elasticsearch is a powerful open source search and analytics engine. The vulnerability allows attackers read from or append to files on the system hosting ElasticSearch database, could lead to sensitive information disclosure or further attack. Not sured if your ES is vulnerable?
在线检测地址:http://tool.scanv.com/es.html
漏洞修复方案:在配置文件elasticsearch.yml里设置script.disable_dynamic: true
ElasticSearch Remote Code Execution (CVE-2014-3120),布布扣,bubuko.com
ElasticSearch Remote Code Execution (CVE-2014-3120)
原文地址:http://www.cnblogs.com/security4399/p/3750697.html