5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-17247

GHSA ID

GHSA-ccmr-qj26-845g

EPSS Score

0.57295%

CWE

CWE-611

Published

5/13/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-17247

CVE-2018-17247: Improper Restriction of XML External Entity Reference in Elasticsearch

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.

(GitHub Advisory)

5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-17247

GHSA ID

GHSA-ccmr-qj26-845g

EPSS Score

0.57295%

CWE

CWE-611

Published

5/13/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.elasticsearch:elasticsearch	maven	>= 6.5.0, < 6.5.2	6.5.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers around insecure XML parsing in Machine Learning's find_file_structure API. While no patch code is provided, the advisory explicitly identifies the affected component. In Elasticsearch's architecture:

TransportAction.doExecute methods handle API request execution
FileStructureFinderManager contains format-specific parsing logic
XXE vulnerabilities typically manifest in DocumentBuilderFactory configuration

These functions would appear in stack traces when processing malicious XML content through the vulnerable API. The medium confidence reflects inference from architectural patterns rather than direct patch analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*l*sti*s**r** S**urity v*rsions *.*.* *n* *.*.* *ont*in *n XX* *l*w in M***in* L**rnin*'s *in*_*il*_stru*tur* *PI. I* * poli*y *llowin* *xt*rn*l n*twork ****ss **s ***n ***** to *l*sti*s**r**'s J*v* S**urity M*n***r t**n *n *tt**k*r *oul* s*n* * sp**

Reasoning

T** vuln*r**ility **nt*rs *roun* ins**ur* XML p*rsin* in M***in* L**rnin*'s *in*_*il*_stru*tur* *PI. W*il* no p*t** *o** is provi***, t** **visory *xpli*itly i**nti*i*s t** *****t** *ompon*nt. In *l*sti*s**r**'s *r**it**tur*: *. Tr*nsport**tion.*o*x*

5.9

Basic Information

Concerned about an active attack path?

CVE-2018-17247: Improper Restriction of XML External Entity Reference in Elasticsearch

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI