| Field | Value |
|---|---|
| Short Name | HTTP:CVE-2018-17246-FI |
| Severity | Minor |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | Elastic Kibana server.js Local File Inclusion |
| Release Date | 2019/02/18 |
| Update Number | 3143 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

HTTP: Elastic Kibana server.js Local File Inclusion
This signature detects attempts to exploit a known vulnerability in the Elastic Kibana server. Successful exploitation could lead to information disclosure, denial of service and, in the worst case, arbitrary code execution.
Extended Description
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with the permissions of the Kibana process on the host system.
Affected Products
- Elasticsearch kibana 5.0.0
- Elasticsearch kibana 5.0.1
- Elasticsearch kibana 5.0.2
- Elasticsearch kibana 5.1.1
- Elasticsearch kibana 5.1.2
- Elasticsearch kibana 5.2.0
- Elasticsearch kibana 5.2.1
- Elasticsearch kibana 5.2.2
- Elasticsearch kibana 5.3.0
- Elasticsearch kibana 5.3.1
- Elasticsearch kibana 5.3.2
- Elasticsearch kibana 5.3.3
- Elasticsearch kibana 5.4.0
- Elasticsearch kibana 5.4.1
- Elasticsearch kibana 5.4.2
- Elasticsearch kibana 5.4.3
- Elasticsearch kibana 5.5.0
- Elasticsearch kibana 5.5.1
- Elasticsearch kibana 5.5.2
- Elasticsearch kibana 5.5.3
- Elasticsearch kibana 5.6.0
- Elasticsearch kibana 5.6.1
- Elasticsearch kibana 5.6.10
- Elasticsearch kibana 5.6.11
- Elasticsearch kibana 5.6.12
- Elasticsearch kibana 5.6.2
- Elasticsearch kibana 5.6.3
- Elasticsearch kibana 5.6.4
- Elasticsearch kibana 5.6.5
- Elasticsearch kibana 5.6.6
- Elasticsearch kibana 5.6.7
- Elasticsearch kibana 5.6.8
- Elasticsearch kibana 5.6.9
- Elasticsearch kibana 6.0.0
- Elasticsearch kibana 6.0.1
- Elasticsearch kibana 6.1.0
- Elasticsearch kibana 6.1.1
- Elasticsearch kibana 6.1.2
- Elasticsearch kibana 6.1.3
- Elasticsearch kibana 6.1.4
- Elasticsearch kibana 6.2.0
- Elasticsearch kibana 6.2.1
- Elasticsearch kibana 6.2.2
- Elasticsearch kibana 6.2.3
- Elasticsearch kibana 6.2.4
- Elasticsearch kibana 6.3.0
- Elasticsearch kibana 6.3.1
- Elasticsearch kibana 6.3.2
- Elasticsearch kibana 6.4.0
- Elasticsearch kibana 6.4.1
- Elasticsearch kibana 6.4.2
- Redhat openshift_container_platform 3.11
References