[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Elasticsearch CVE-2015-5377

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Elasticsearch CVE-2015-5377
From: Kevin Kluge <kevin@xxxxxxxxxx>
Date: Thu, 16 Jul 2015 10:19:28 -0700

Summary:
Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on 
its transport protocol that enables remote code execution.  This issue is 
related to the Groovy announcement in  CVE-2015-3253.  

Deployments are vulnerable even when Groovy dynamic scripting is disabled.  

We have been assigned CVE-2015-5377 for this issue.


Fixed versions:
Version 1.6.1 and 1.7.0 address the vulnerability.


Remediation:
Users should upgrade to the 1.6.1 or 1.7.0 release.

Users that do not want to upgrade can address the vulnerability by securing the 
transport protocol port (default 9300) to allow access by only trusted agents.


CVSS
Overall CVSS score: 5.1

Credits:
cpnrodzc7 working with HP's Zero Day Initiative (ZDI) found a similar issue 
with Elasticsearch.

Prev by Date: ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability
Next by Date: Elasticsearch CVE-2015-5531
Previous by thread: ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability
Next by thread: Elasticsearch CVE-2015-5531
Index(es):
- Date
- Thread