7 matches found
Elasticsearch ESA-2015-06
Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid119499; scriptversion"1.2"; scriptcvsdate"Date: 2019/11/01"; scriptcveid"CVE-2015-5377";...
Security Bulletin: Multiple security vulnerabilities in Elasticsearch might affect Process Federation Server in IBM Business Process Manager (BPM) - CVE-2015-5531, CVE-2015-5377
Summary IBM Process Federation Server is an optional component that is shipped with IBM Business Process Manager BPM V8.5.6.0. It allows the collection of task information of existing IBM Business Process Manager environments to provide a federated task list. IBM Process Federation Server uses th...
Design/Logic Flaw
DISPUTED Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability...
CVE-2015-5377
Technical details for CVE-2015-5377 are not publicly available in the provided documents. Monitor for updates; the connected sources here do not disclose affected products/versions, root cause, or fixes specific to this CVE.
Elasticsearch Transport Protocol Unspecified Remote Code Execution
Elasticsearch could allow a remote attacker to execute arbitrary code on the system, caused by an error in the transport protocol. An attacker could exploit this vulnerability to execute arbitrary code on the system. C Tenable Network Security, Inc. include"compat.inc"; if description...
Elasticsearch < 1.6.1 Multiple Vulnerabilities - Windows
Elasticsearch is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:elasticsearch";...
Elasticsearch CVE-2015-5377
Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...