{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-15T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-06-15T14:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/blog/logstash-1-4-3-released"}, {"name": "33370", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/33370"}, {"name": "67731", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67731"}, {"name": "106949", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/106949"}, {"tags": ["x_refsource_MISC"], "url": "http://bouk.co/blog/elasticsearch-rce/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"}, {"tags": ["x_refsource_MISC"], "url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.elastic.co/community/security/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.elastic.co/blog/logstash-1-4-3-released", "refsource": "CONFIRM", "url": "https://www.elastic.co/blog/logstash-1-4-3-released"}, {"name": "33370", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33370"}, {"name": "67731", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67731"}, {"name": "106949", "refsource": "OSVDB", "url": "http://www.osvdb.org/106949"}, {"name": "http://bouk.co/blog/elasticsearch-rce/", "refsource": "MISC", "url": "http://bouk.co/blog/elasticsearch-rce/"}, {"name": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"}, {"name": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch", "refsource": "MISC", "url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"}, {"name": "https://www.elastic.co/community/security/", "refsource": "CONFIRM", "url": "https://www.elastic.co/community/security/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:56.466Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.elastic.co/blog/logstash-1-4-3-released"}, {"name": "33370", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/33370"}, {"name": "67731", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67731"}, {"name": "106949", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/106949"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bouk.co/blog/elasticsearch-rce/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.elastic.co/community/security/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3120", "datePublished": "2014-07-28T19:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:56.466Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Elasticsearch Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*", "matchCriteriaId": "B31061F1-66B7-4F12-93CE-685F82BCB17B", "versionEndIncluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto en Elasticsearch anterior a 1.2 habilita secuencias de comandos din\u00e1micos, lo que permite a atacantes remotos ejecutar expresiones MVEL arbitrarias y c\u00f3digo Java a trav\u00e9s del par\u00e1metro source en _search. NOTA: esto solamente viola la pol\u00edtica de seguridad del proveedor si el usuario no hace funcionar Elasticsearch en su propia maquina virtual independiente."}], "id": "CVE-2014-3120", "lastModified": "2016-12-06T18:13:40.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-28T19:55:04.490", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bouk.co/blog/elasticsearch-rce/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33370"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/106949"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/67731"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/blog/logstash-1-4-3-released"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.elastic.co/community/security/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1171", "cpe": "cpe:/a:redhat:fuse_esb_enterprise:7.1.0", "product_name": "Fuse ESB Enterprise 7.1.0", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHSA-2014:1171", "cpe": "cpe:/a:redhat:fuse_management_console:7.1.0", "product_name": "Fuse Management Console 7.1.0", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHSA-2014:1171", "cpe": "cpe:/a:redhat:fuse_mq_enterprise:7.1.0", "product_name": "Fuse MQ Enterprise 7.1.0", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHSA-2014:1170", "cpe": "cpe:/a:redhat:jboss_amq:6.1.0", "product_name": "Red Hat JBoss A-MQ 6.1", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHSA-2014:1170", "cpe": "cpe:/a:redhat:jboss_fuse:6.1.0", "product_name": "Red Hat JBoss Fuse 6.1", "release_date": "2014-09-10T00:00:00Z"}, {"advisory": "RHSA-2014:1186", "cpe": "cpe:/a:rhel_sam:1.4::el6", "package": "katello-configure-0:1.4.5.1-3.el6sam", "product_name": "Red Hat Subscription Asset Manager 1.4", "release_date": "2014-09-11T00:00:00Z"}], "bugzilla": {"description": "elasticsearch: remote code execution flaw via dynamic scripting", "id": "1124252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1124252"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-749", "details": ["The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.", "It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to _search."], "name": "CVE-2014-3120", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "amq-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-amq-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-esb-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "elasticsearch", "product_name": "Red Hat Satellite 6"}], "public_date": "2013-12-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3120\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3120\nhttps://access.redhat.com/solutions/1191453\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "On Subscription Asset Manager (SAM) 1, the elasticsearch service is only bound to the loopback interface by default. To exploit this issue on a SAM 1 system, an attacker must have local access to the system. On Red Hat JBoss Fuse and Red Hat JBoss A-MQ, the elasticsearch service is only started if the insight-elasticsearch feature is installed. This feature is not installed by default.", "threat_severity": "Important", "upstream_fix": "elasticsearch 1.2.0"}