Elastic.Kibana.server.js.Local.File.Inclusion
Description
This indicates an attack attempt against a Local File Inclusion vulnerability in Elastic Stack's Kibana plugin.
The vulnerability is due to insufficient input validation in the application when handling a crafted request. A remote attacker could exploit this to to access arbitrary files and execute arbitrary code within the context of the system.
Affected Products
Elastic Kibana prior to 5.6.13
Elastic Kibana prior to 6.4.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's advisory for updates:
https://www.elastic.co/blog/kibana-local-file-inclusion-flaw-cve-2018-17246
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-06 | 14.627 | Severity:high:critical |
2019-03-01 | 14.564 | Default_action:pass:drop |
2019-01-18 | 14.527 |