CVE-2015-5377
Published 2018-03-06
CVE-2015-5377: Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to…
Priority P260 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 14.86% (96.3rd percentile)
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | < 1.6.1 | 1.6.1 |
| elastic | elasticsearch | >= 0 < 1.7.3+dfsg-3 | 1.7.3+dfsg-3 |
Detection & IOCs
- CVE-2015-5377 exploits Elasticsearch via the transport protocol; restrict or monitor access to the Elasticsearch transport port (default 9300) to detect unauthorized remote connections.
- CVE-2015-5377 may be the same vulnerability as CVE-2015-3253 (ZDI claim); cross-reference detections for both CVEs when triaging alerts.
- For Satellite 6.x and SAM 1.x, firewall Elasticsearch to trusted users only (e.g. root, katello, foreman) as a mitigation; SAM 1.x only listens on localhost, reducing exposure to local access only.
- For SAM 1.x, Elasticsearch only listens on localhost, so exploitation requires local access; the CVSS2 score is 3.3 in this configuration rather than 5.8.
CVSS provenance
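| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |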
GHSA
GHSA-vwpr-g44g-2pf3: ** DISPUTED ** Elasticsearch before 1
ghsa_unreviewed·2022-05-14·CVSS 9.8
CVE-2015-5377 [CRITICAL] CWE-74 GHSA-vwpr-g44g-2pf3: ** DISPUTED ** Elasticsearch before 1
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.
OSV
CVE-2015-5377: ** DISPUTED ** Elasticsearch before 1
osv·2018-03-06·CVSS 9.8
CVE-2015-5377 [CRITICAL] CVE-2015-5377: ** DISPUTED ** Elasticsearch before 1
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.
Red Hat
elasticsearch: unspecified remote code execution vulnerability
vendor_redhat·2015-07-16·CVSS 9.8
CVE-2015-5377 [CRITICAL] elasticsearch: unspecified remote code execution vulnerability
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.
Statement: This issue affects the versions of elasticsearch as shipped with Red Hat Satellite 6.x and Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Mitigation: For Satellite 6.x and Sam 1.x you can simply firewall elasticsearch to trusted users only (e.g. root, katello, fo
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5377 CVE-2015-5531 elasticsearch: various flaws [fedora-all]
bugzilla·2015-07-17·CVSS 9.8
CVE-2015-5377 [CRITICAL] CVE-2015-5377 CVE-2015-5531 elasticsearch: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2015-5377 elasticsearch: unspecified remote code execution vulnerability
bugzilla·2015-07-17·CVSS 9.8
CVE-2015-5377 [CRITICAL] CVE-2015-5377 elasticsearch: unspecified remote code execution vulnerability
It was reported that Elasticsearch versions prior to 1.6.1 are vulnerable to an unspecified attack, leading to remote code execution.
Upstream fix is not known at the time of writing.
Discussion:
Created elasticsearch tracking bugs for this issue:
Affects: fedora-all [bug 1244239]
---
Reference:
http://seclists.org/bugtraq/2015/Jul/82
---
Mitigation:
For Satellite 6.x and Sam 1.x you can simply firewall elasticsearch to trusted users only (e.g. root, katello, foreman). For instructions on this please see:
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#sect-Red_Hat_Satellite-Installation_Guide-Red_Hat_Satellite_Installation-Configuring_Red_H
- http://www.securityfocus.com/bid/75938
- http://www.zerodayinitiative.com/advisories/ZDI-15-365/
- https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736
- https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2