CVE-2014-6439

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-10-2014 02:00

Last modified: - 01-10-2014 02:00

Total changes: - 10

Description

CVE-2014-6439 Elasticsearch: CSRF via insecure CORS default configuration

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:N/I:P/A:N

Low

Attack complexity

Local

Attack vector

None

Availability

None

Confidentiality

Low

Integrity

-

Privileges required

-

Scope

-

User interaction

1.9

Base score

Exploitability score

Impact score

Verification logic

OR

AND

product=amq-6 AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1

AND

product=fuse-6 AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1

AND

product=fuse-esb-7 AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1

AND

product=fuse-mc-7 AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1

AND

product=fuse-mq-7 AND version=

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_web_server AND version=1

AND

product=Discovery AND version=

vendor=Red Hat Enterprise Linux AND product=satellite AND version=6

AND

product=Elasticsearch AND version=

vendor=rhel_sam AND product=1

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1149945

Keywords

REDHAT

CVE-2014-6439

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.