Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HElastic Elasticsearch
APPElastic< 1.6.1
Related vulnerabilities
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers...
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacke...
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed...