This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Elastic reports :
Vulnerability Summary: In Elasticsearch versions 1.1.x and prior,
dynamic scripting is enabled by default. This could allow an attacker
to execute OS commands.
Remediation Summary: Disable dynamic scripting.
Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is
vulnerable to CVE-2014-3120. These binaries are used in Elasticsearch
output specifically when using the node protocol. Since a node client
joins the Elasticsearch cluster, the attackers could use scripts to
execute commands on the host OS using the node client's URL endpoint.
With 1.4.3 release, we are packaging Logstash with Elasticsearch 1.5.2
binaries which by default disables the ability to run scripts. This
also affects users who are using the configuration option
embedded=>true in the Elasticsearch output which starts a local
embedded Elasticsearch cluster. This is typically used in development
environment and proof of concept deployments. Regardless of this
vulnerability, we strongly recommend not using embedded in production.
Note that users of transport and http protocol are not vulnerable to
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true