Elasticsearch abuse report about a vulnerability

GrafMishka

Hi everyone. I keep getting abuse reports saying that my server has a vulnerability because of Elasticsearch

Dear Sir or Madam,

Elasticsearch[1] is a popular open-source search server based on Apache
Lucene which is usually running on port 9200/tcp. The Elasticsearch server
itself does not support any forms of authentication. Thus, anyone who can
connect to an Elasticsearch server from the Internet has unrestricted
access to the data stored on the server. Furthermore, an attacker can
run DoS attacks on the server or (with versions prior to 1.2.x) execute
arbitrary code on the machine that Elasticsearch is hosted on.

The Shadowserver 'Open Elasticsearch Server Scanning Project' identifies
Elasticsearch servers which are openly accessible from the Internet.
Shadowserver provides CERT-Bund with the test results for IP addresses
in Germany for notification of the owners of the affected systems.
Further information on the tests run by Shadowserver is available at [3].

Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the system was found
to be running an openly accessible Elasticsearch server.

We would like to ask you to check this issue and take appropriate
steps to secure the Elasticsearch servers on the affected systems
or notify your customers accordingly. Further information on how to
secure Elasticsearch servers is available at [3].

If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.

References:

[1] Elasticsearch
<Elasticsearch: RESTful, Distributed Search & Analytics | Elastic>
[2] Shadowserver: Open Elasticsearch Server Scanning Project
<The Shadowserver Foundation: Elasticsearch Server Scanning Project>
[3] Elasticsearch: Scripting and Security
<Scripting and Security | Elastic>

This message is digitally signed using PGP.
Details on the signature key used are available on our website at:
<CERT-Bund Reports PGP-Signatur>

Please note:
This is an automatically generated message.
Replying to the sender address is not possible.
In case of questions, please contact <certbund@bsi.bund.de>.

What should I do?
 
# Network Host
# Sets both 'bind_host' and 'publish_host' settings.
# The default is any (0.0.0.0).
network.host: 127.0.0.1

Code:
sed -i 's|^#network.host.*|network.host: 127.0.0.1|' /etc/elasticsearch/elasticsearch.yml
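
An added example, not part of the original posts: the sed command above only changes the file when a line starts exactly with "#network.host", so this sketch sets the key whether it is commented, already active or missing, then checks the config and the `ss -ltn` output. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# set_network_host FILE [ADDR]: leave exactly one active network.host line.
# Covers "#network.host", "# network.host", an active value, and a missing key.
set_network_host() {
    file=$1 addr=${2:-127.0.0.1}
    tmp=$(mktemp) || return 1
    awk -v addr="$addr" '
        /^[ \t]*#?[ \t]*network\.host[ \t]*:/ {
            if (!done) { print "network.host: " addr; done = 1 }
            next
        }
        { print }
        END { if (!done) print "network.host: " addr }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# bound_to_loopback FILE: succeeds only if the single active network.host
# value is a loopback address (_local_ is Elasticsearch's loopback alias).
bound_to_loopback() {
    vals=$(sed -n 's/^[[:space:]]*network\.host[[:space:]]*:[[:space:]]*//p' "$1")
    case $vals in
        127.0.0.1|localhost|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# exposed_listeners [PORT]: reads `ss -ltn` output on stdin, prints listeners
# on PORT that are not loopback, and fails if there are any.
exposed_listeners() {
    awk -v port="${1:-9200}" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]
            host = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && host !~ /^(127\.0\.0\.1|\[::1\]|\[::ffff:127\.0\.0\.1\])$/) {
                print $4; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}
```

Typical use as root: run set_network_host on /etc/elasticsearch/elasticsearch.yml, restart Elasticsearch, then pipe `ss -ltn` into exposed_listeners 9200 and expect no output.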