BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Elasticsearch vulnerability CVE-2014-6439 Oct 02 2014 02:37PM
Jordan Sissel (jordan sissel elasticsearch com)
Summary:
Elasticsearch versions 1.3.x and prior have a default configuration for
CORS that allows an attacker to craft links that could cause a userâ??s
browser to send requests to Elasticsearch instances on their local network.
These requests could cause data loss or compromise.

We have been assig...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus