This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

The remote Red Hat host is missing a security update.

An updated katello-configure package that fixes one security issue is
now available for Red Hat Subscription Asset Manager.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The katello-configure package provides the katello-configure script,
which configures the Katello installation, and the katello-upgrade
script, which handles upgrades between versions.

It was discovered that the default configuration of Elasticsearch
enabled dynamic scripting, allowing a remote attacker to execute
arbitrary MVEL expressions and Java code via the source parameter
passed to _search. (CVE-2014-3120)

All Subscription Asset Manager users are advised to upgrade to this
updated package. The update provides a script that modifies the
elasticsearch.yml configuration file to disable dynamic scripting.

After updating, run the 'katello-configure' command. This will update
the elasticsearch.yml configuration file and restart the elasticsearch
See also :
Update the affected katello-configure package.
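
To confirm that the update took effect, the following added example (not part of the Tenable plugin or the Red Hat package) audits an elasticsearch.yml file for the dynamic-scripting setting. It assumes the Elasticsearch 1.x key `script.disable_dynamic` written in flat form, which this page does not name, and takes the configuration file path as an argument because the page does not give it.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for the dynamic-scripting setting.
# Assumption: the flat key form "script.disable_dynamic: <value>" used by
# Elasticsearch 1.x; the nested YAML form (script: / disable_dynamic:) is
# not parsed. Only the literal value "true" is accepted as hardened.

# Prints one of: disabled | enabled | unset | missing-file
dynamic_scripting_state() {
    conf=$1
    [ -r "$conf" ] || { echo "missing-file"; return 0; }
    # Drop comments, then keep the last uncommented assignment of the key,
    # so a later line that re-enables scripting is not overlooked.
    val=$(sed -e 's/#.*$//' "$conf" |
          sed -n -e 's/^[[:space:]]*script\.disable_dynamic[[:space:]]*:[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' |
          tail -n 1 | tr -d "\"'" | tr '[:upper:]' '[:lower:]')
    case "$val" in
        true) echo "disabled" ;;
        "")   echo "unset" ;;    # key absent: the vulnerable default applies
        *)    echo "enabled" ;;
    esac
}

# Exit status 0 only when dynamic scripting is explicitly disabled.
audit_elasticsearch_conf() {
    state=$(dynamic_scripting_state "$1")
    case "$state" in
        disabled)
            echo "OK: $1 disables dynamic scripting"
            return 0 ;;
        unset)
            echo "FAIL: $1 does not set script.disable_dynamic; default applies"
            return 1 ;;
        enabled)
            echo "FAIL: $1 leaves dynamic scripting enabled"
            return 1 ;;
        *)
            echo "ERROR: cannot read $1"
            return 1 ;;
    esac
}

# Usage: sh audit.sh /path/to/elasticsearch.yml
if [ $# -gt 0 ]; then
    audit_elasticsearch_conf "$1"
fi
```

The check reads the file on disk only, so it shows what the service will load at its next restart rather than what the running process currently uses.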
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.8
Public Exploit Available : true