APP: Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization

This signature detects attempts to exploit a known vulnerability in Elastic Elasticsearch. Successful exploitation could result in arbitrary code execution with the privileges of the affected Java process.

Extended Description

Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.

Affected Products

Elastic elasticsearch

References

CVE: CVE-2015-5377

Short Name
APP:MISC:ELASTICSEARCH-DESER
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2015-5377 Deserialization Elastic Elasticsearch Insecure ThrowableObjectInputStream
Release Date
10/10/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3650
Port
TCP/9300
False Positive
Unknown
Vendors

Elastic

CVSS Score

7.5
