
Security vulnerability in Elasticsearch via Apache Log4j



A vulnerability has been discovered in the popular Java logging library Log4j 2, which may allow attackers to run code remotely on your servers.

Apache Log4j 2 is bundled with and used in many Java applications, including Elasticsearch.

So if you are using Elasticsearch, you may be vulnerable.

Vulnerability info:


As there are no official patches out yet and exploitation of the vulnerability has already started, you may want to apply a workaround until an official patch is released:


So for Elasticsearch version 6.4 and up:

Edit your jvm.options configuration file, usually located at:


and edit this line at the end:



Then restart Elasticsearch using something like:

systemctl restart elasticsearch


If you are using Elasticsearch version 6.3 and any earlier version, please upgrade ASAP to the latest version supported by Invision.

The 6.3 and earlier versions use an old version of Log4j, which means the above workaround will not work!


Also update your JDK:

When running on older JDKs, an attacker is able to inject and execute a remote Java class.

On recent JDKs the attack is limited to potential DoS - causing data ingestion to temporarily stop - and information leakage, but no remote code execution attack vectors are known.


Keep your servers secured!!!!



Edited by ASTRAPI
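
The procedure in the post above (check the Elasticsearch version, then add a line at the end of jvm.options) as a repeatable script. This is an added example, not part of the original post. The function names are hypothetical, and the file path and option line are passed in as arguments because the post's own values did not survive on this page.

```shell
#!/bin/sh
# Added example, not from the original post. The jvm.options path and the
# option line are arguments: take them from the vendor advisory for your install.

# es_workaround_applies VERSION
# 0 = 6.4 and up, 1 = 6.3 or earlier (upgrade instead), 2 = unparseable.
es_workaround_applies() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 6 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -ge 4 ] && return 0
    return 1
}

# apply_jvm_option FILE LINE
# Appends LINE at the end of FILE exactly once and keeps FILE.bak.
# Prints "added", "present" or "missing".
apply_jvm_option() {
    file=$1; line=$2
    [ -f "$file" ] || { echo "missing"; return 1; }
    if grep -Fxq -- "$line" "$file"; then
        echo "present"; return 0
    fi
    cp -p "$file" "$file.bak" || return 1
    # Terminate an unterminated last line so LINE is not glued onto it.
    [ -z "$(tail -c 1 "$file")" ] || printf '\n' >> "$file"
    printf '%s\n' "$line" >> "$file"
    echo "added"
}

# harden_es VERSION FILE LINE
# Restart Elasticsearch afterwards when this prints "added".
harden_es() {
    rc=0
    es_workaround_applies "$1" || rc=$?
    case $rc in
        0) apply_jvm_option "$2" "$3" ;;
        1) echo "upgrade"; return 3 ;;
        *) echo "bad-version"; return 2 ;;
    esac
}
```

Running it a second time prints "present" and leaves the file unchanged, so it is safe to include in configuration management runs.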