elasticsearch weak CORS policy
news
/
advisories
/
software
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
elasticsearch weak CORS policy
Published:
05.10.2014
Source:
BUGTRAQ
SecurityVulns ID:
13990
Type:
remote
Threat Level:
4
/10
Description:
Crossite requests to local network are possible.
Affected:
ELASTIC
:
elasticsearch 1.3
CVE:
CVE-2014-6439
(Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document
ELASTIC
,
Elasticsearch vulnerability CVE-2014-6439
(
05.10.2014
)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
