Elasticsearch vulnerability CVE-2014-6439
Oct 02 2014 02:37PM
Jordan Sissel (jordan sissel elasticsearch com)
Elasticsearch versions 1.3.x and prior have a default configuration for
CORS that allows an attacker to craft links that could cause a user's
browser to send requests to Elasticsearch instances on their local network.
These requests could cause data loss or compromise.
We have been assig...
Copyright 2010, SecurityFocus