We're sorry, the page you were looking for appears to no longer exist, or has been moved.
Companies and individuals who would like to reduce the risk of a social media compromise can download DDI’s free “Social Butterfly” Guide. CLICK HERE to download and learn more about heightening security when engaging through social media.
07/28/2014 » CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. [READ ME]