HTTP: Elastic Kibana server.js Local File Inclusion

This signature detects attempts to exploit a known vulnerability in the Elastic Kibana server. Successful exploitation could lead to information disclosure, denial of service and, in the worst case, arbitrary code execution.

Extended Description

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands with the permissions of the Kibana process on the host system.

Affected Products

Redhat openshift_container_platform

Short Name
HTTP:CVE-2018-17246-FI
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-17246 Elastic File Inclusion Kibana Local bid:106285 server.js
Release Date
02/18/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Redhat

Elastic

CVSS Score

7.5
