Elastic Search Vulnerability

Document ID : KB000074476
Last Modified Date : 04/10/2018
Issue:
Vulnerability scan reports Elastic Search vulnerability with DevTest.
Environment:
DevTest 9.1.0 , 9.5.1, 10.0.0, 10.1.0 and 10.2.4
Resolution:
 Please open a ticket with CA Support.

There are patches available for the Elastic Search vulnerability for each specified release.

Covers these vulnerabilities:

Elasticsearch Unrestricted Access Information Disclosure 
Elasticsearch Transport Protocol Unspecified Remote Code Execution 
Additional Information:
Our patch fixes the Elastic Search vulnerability through code. Even though the elasticsearch-1.5.2.jar is still present in the folder, the patched code fixes the vulnerability when your DevTest components are running.

Be aware that DevTest 9.5.1 is end of life. I suggest upgrading to a supported release.

Our latest release is DevTest 10.4.0 and it has elasticsearch-1.6.1.jar.

One way to verify this before the scan is to open a browser on the machine where the portal is running and enter: localhost:9200

You should get a response back like this: 


{
  "status" : 200,
  "name" : "Bast",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "1.5.2",
    "build_hash" : "62ff9868b4c8a0c45860bebb259e21980778ab1c",
    "build_timestamp" : "2015-04-27T09:21:06Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.4"
  },
  "tagline" : "You Know, for Search"
}


But if you enter the <IP address> or the <hostname> of the machine with port 9200, you should get no response.
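
The check described above can be scripted. The following is an added example, not CA's code and not part of the patch: it requests port 9200 on localhost and on the machine's own hostname and non-loopback IPv4 addresses, and reports any address other than localhost that answers. The function names and the use of cluster_name to recognise the banner are assumptions of this example.

```python
import http.client
import json
import socket
import urllib.error
import urllib.request

PORT = 9200  # port named in the article
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

def probe(host, port=PORT, timeout=3.0):
    """Return the JSON banner, {} for any other kind of reply, or None when nothing answers."""
    try:
        with _OPENER.open(f"http://{host}:{port}/", timeout=timeout) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        return {"status": err.code}  # an HTTP error is still a response
    except http.client.HTTPException:
        return {}  # a listener answered, but not with valid HTTP
    except OSError:
        return None  # refused, unreachable or timed out
    try:
        banner = json.loads(body.decode("utf-8"))
    except ValueError:
        return {}
    return banner if isinstance(banner, dict) else {}

def non_loopback_addresses():
    """IPv4 addresses the machine's own hostname resolves to, excluding 127.0.0.0/8."""
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos if not info[4][0].startswith("127.")})

def assess(local_banner, external_banners):
    """Return findings; an empty list means localhost answered and nothing else did."""
    findings = []
    if local_banner is None:
        findings.append("localhost: no response (is the portal running?)")
    elif "cluster_name" not in local_banner:
        findings.append("localhost: reply is not an Elasticsearch banner")
    for host, banner in sorted(external_banners.items()):
        if banner is not None:
            findings.append(f"{host}: answered on port {PORT}, expected no response")
    return findings

if __name__ == "__main__":
    targets = [socket.gethostname()] + non_loopback_addresses()
    findings = assess(probe("localhost"), {t: probe(t) for t in targets})
    raise SystemExit("\n".join(findings) or 0)  # prints findings and exits 1, else exits 0
```

Run it on the machine where the portal is running, before the vulnerability scan.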