Elastic Elasticsearch DoS Vulnerability (ESA-2021-15)
Information
Severity: Medium
Family: Web application abuses
CVSSv2 Base: 5.5
CVSSv2 Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C
Solution Type: Vendor Patch
Created: 2 years ago
Modified: 2 years ago
Summary
Elasticsearch is prone to a denial of service (DoS) vulnerability.
Insight
An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
Affected Software
Elasticsearch prior to version 6.8.17 and 7.x prior to 7.13.3.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 6.8.17, 7.13.3 or later.