Release v1.2.0-security-fix: Security Fix for Ip Authentication compatible with ES 1.2.0 · DataToKnowledge/elasticsearch-http-basic · GitHub

8000 Release v1.2.0-security-fix: Security Fix for Ip Authentication compatible with ES 1.2.0 · DataToKnowledge/elasticsearch-http-basic · GitHub

63D7 v1.2.0-security-fix
5bafc90
Compare

Choose a tag to compare

Loading

View all tags

v1.2.0-security-fix: Security Fix for Ip Authentication compatible with ES 1.2.0

v1.2.0-security-fix
5bafc90
Compare

Choose a tag to compare

Loading

View all tags

tagged this 07 Oct 15:44

Due to implementation of how the ip of the client
is obtained it is very easy for an attacker to authenticate
its ip by setting the ip in the 'Host' header or as first ip in the
'X-Forwarded-For' header

Assets 2

0