Issue: Elasticsearch server (port: 9200) is prone to an XSS
vulnerability.
Version: 0.19.8
Environment: RHEL 5.10
Vulnerability Description:
The elastic search server fails to adequately sanitize request strings of
malicious JavaScript.
So, an attacker may be able to cause arbitrary HTML and script code to be
executed in a user's browser within the security context of the affected
site.
The request string used to detect this flaw was:
/scripts/uw12snbk.asp?
No handler found for this uri
[/scripts/uw12snbk.asp?] and method [GET]
So, is there an Elasticsearch server configuration which can prevent XSS,
and which can provide a proper handler message instead of 400 Bad Request in the
response?
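An added example, not part of the original post and not Elasticsearch code: a triage helper that decides, from one captured response, whether a reflected-request finding like the one above would be rendered as markup by a browser. The header values, the `MARKER` probe and the function names are assumptions constructed for illustration.

```python
import html

# Media types a browser parses as markup, so reflected script could run.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}
MARKUP_CHARS = set("<>\"'&")

def triage_reflection(probe, headers, body):
    """Classify a scanner 'reflected request string' finding from one response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    nosniff = hdrs.get("x-content-type-options", "").strip().lower() == "nosniff"
    has_markup = any(c in MARKUP_CHARS for c in probe)
    if probe not in body:
        # Raw probe absent: either encoded on output or not echoed at all.
        if has_markup and html.escape(probe) in body:
            return "escaped"
        return "not-reflected"
    if ctype in ACTIVE_TYPES:
        # An echo of plain characters does not show that markup survives.
        return "renders-as-markup" if has_markup else "reflected-unproven"
    if not ctype or not nosniff:
        # Non-markup or missing type without nosniff: legacy browsers may sniff.
        return "sniffable"
    return "inert"

# Probe and error text from the report above; headers are constructed samples.
PAGE_PROBE = "/scripts/uw12snbk.asp?"
PAGE_BODY = "No handler found for this uri [%s] and method [GET]" % PAGE_PROBE
MARKER = "<i>zz9</i>"  # constructed harmless marker for a follow-up check

def demo():
    plain = {"Content-Type": "text/plain; charset=UTF-8"}
    hardened = dict(plain, **{"X-Content-Type-Options": "nosniff"})
    page = {"Content-Type": "text/html"}
    return [
        triage_reflection(PAGE_PROBE, plain, PAGE_BODY),
        triage_reflection(PAGE_PROBE, hardened, PAGE_BODY),
        triage_reflection(PAGE_PROBE, page, PAGE_BODY),
        triage_reflection(MARKER, page, "uri [%s]" % MARKER),
        triage_reflection(MARKER, page, "uri [%s]" % html.escape(MARKER)),
    ]

if __name__ == "__main__":
    print(demo())
```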