CVE-2015-5377
published 2018-03-06

Priority: P2 (60) · Severity: critical · CVSS 3.0 base score: 9.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 14.86% (96.3rd percentile)
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability

Affected (2 ranges)

Vendor    Product         Version range            Fixed in
elastic   elasticsearch   < 1.6.1                  1.6.1
elastic   elasticsearch   >= 0, < 1.7.3+dfsg-3     1.7.3+dfsg-3   (Debian package version)

Detection & IOCs (extracted from sources)

  • CVE-2015-5377 is exploited over the Elasticsearch transport protocol; restrict access to the transport port (default TCP 9300) to cluster members and trusted hosts, and log or alert on connection attempts from any other source
  • ZDI appears to claim that CVE-2015-5377 and CVE-2015-3253 describe the same vulnerability; cross-reference detections for both CVE IDs when triaging alerts
  • For Satellite 6.x and SAM 1.x, firewall Elasticsearch so that only trusted local users (e.g. root, katello, foreman) can reach it; SAM 1.x binds Elasticsearch to localhost only, which limits exposure to local access
  • For SAM 1.x, because Elasticsearch listens only on localhost, exploitation requires local access; in that configuration the CVSSv2 score is 3.3 rather than 5.8
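Two checks a practitioner would run against the indicators above, written here as an added example (not code from the advisory, from Elastic or from Red Hat): a version triage against the upstream affected range "< 1.6.1", and a detector that reads iptables LOG lines for TCP SYNs to the transport port and reports the sources that are not on a trusted-network allowlist. The "ES-TRANSPORT:" log prefix, the trusted subnets and the log lines themselves are constructed for this example; the Debian "1.7.3+dfsg-3" range is deliberately not modelled because it follows dpkg version ordering.

```python
"""Triage helpers for CVE-2015-5377 (Elasticsearch transport-protocol RCE).

Added example, not code from the advisory, from Elastic or from Red Hat.
Assumptions (not stated on the page):
  - only the upstream range "< 1.6.1" is modelled; the Debian "1.7.3+dfsg-3"
    package range uses dpkg version ordering and is deliberately left out;
  - connection attempts arrive as Linux iptables LOG lines carrying a
    hypothetical "ES-TRANSPORT:" prefix (the parser ignores the prefix).
"""
import ipaddress
import re

TRANSPORT_PORT = 9300        # default Elasticsearch transport port (from the page)
FIXED_VERSION = (1, 6, 1)    # first fixed upstream release (from the page)

# Fields printed by the iptables LOG target; everything before SRC= is ignored.
LOG_RE = re.compile(r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?PROTO=TCP.*?DPT=(?P<dpt>\d+)")


def parse_version(version):
    """'1.6.0', '1.6.0-beta1' or '1.6.0+dfsg' -> (1, 6, 0); missing components read as 0."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0])[:3])


def is_vulnerable_version(version):
    """True when the reported Elasticsearch version is in the affected range < 1.6.1."""
    return parse_version(version) < FIXED_VERSION


def transport_syn_sources(log_lines, trusted_networks, port=TRANSPORT_PORT):
    """Count TCP SYNs to the transport port from addresses outside trusted_networks.

    Returns {source_ip: syn_count}. Only pure SYNs are counted so each connection
    attempt is counted once; traffic to other ports (e.g. HTTP 9200) is ignored.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    counts = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or int(m.group("dpt")) != port:
            continue
        if not re.search(r"\bSYN\b", line) or re.search(r"\bACK\b", line):
            continue                       # not a new connection attempt
        src = ipaddress.ip_address(m.group("src"))
        if any(src in net for net in trusted):
            continue                       # expected cluster/admin traffic
        counts[str(src)] = counts.get(str(src), 0) + 1
    return counts


# Constructed sample: two cluster-internal SYNs, one external SYN plus its ACK,
# and one external SYN to the HTTP port 9200 that must not be reported.
SAMPLE_LOG = """\
Jul 20 10:00:01 es-node1 kernel: ES-TRANSPORT: IN=eth0 OUT= SRC=10.0.0.6 DST=10.0.0.5 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=40112 DPT=9300 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 20 10:00:02 es-node1 kernel: ES-TRANSPORT: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=9300 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 20 10:00:02 es-node1 kernel: ES-TRANSPORT: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=52 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=9300 WINDOW=29200 RES=0x00 ACK URGP=0
Jul 20 10:00:03 es-node1 kernel: ES-TRANSPORT: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.5 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=40113 DPT=9300 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 20 10:00:04 es-node1 kernel: ES-TRANSPORT: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 LEN=60 TTL=48 ID=0 DF PROTO=TCP SPT=33001 DPT=9200 WINDOW=29200 RES=0x00 SYN URGP=0
""".splitlines()

TRUSTED = ["10.0.0.0/24", "127.0.0.0/8"]   # assumed cluster subnet plus loopback

if __name__ == "__main__":
    for v in ("1.5.2", "1.6.0", "1.6.1", "1.7.3"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    print(transport_syn_sources(SAMPLE_LOG, TRUSTED))   # {'203.0.113.7': 1}
```

The log lines assume a rule such as `iptables -A INPUT -p tcp --dport 9300 -j LOG --log-prefix "ES-TRANSPORT: "` placed before the ACCEPT/DROP rules for the port; with an allowlist of cluster nodes in place, any source the detector reports is a host that should not be speaking the transport protocol at all.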

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             3.0       9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             2.0       7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
osv             -         9.8     CRITICAL   -
vendor_redhat   -         9.8     CRITICAL   -