Computer Security
[EN] securityvulns.ru no-pyccku


elasticsearch weak CORS policy
Published:05.10.2014
Source:
SecurityVulns ID:13990
Type:remote
Threat Level:
4/10
Description:Crossite requests to local network are possible.
Affected:ELASTIC : elasticsearch 1.3
CVE:CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentELASTIC, Elasticsearch vulnerability CVE-2014-6439 (05.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod