How to secure the transport protocol port [default 9300]..

Hi  Anushik,



Which ARIS version do you have ? this is important to know ...

For example to the ARIS 10 SR1 the Elastic Search provided with the ARIS is ElasticSearch version 5.6.10



BR



AO

Hi Andre Vitor Oliveira,

Thanks for your response. We have Aris 9.8.10 version. Please let us know anthing else required from our end.

Hi Anushik,

I'm checking the information and will update you soon

BR

AO

Hi Anushik

The ARIS 9.8.10 uses elasticsearch 1.7.5, and this version is more higher that version with the issue related, then it means that issue was fixed in this version but you can confirm with nessus.org

BR

AO

Hello Andre,

Thanks for your response.

The installed version of ElasticSearch is 1.4.2
The required version for removing the vulnerability is either 1.6.1 or 1.7.0

Now we do not want to upgrade the ElasticSearch or ARis application.

However, this vulnerability can also be removed by securing the transport protocol port [9300].

We want to remove the vulnerability following the alternative approach i.e. securing the transport protocol port [9300].

Can you please guide us the process to achive the same.

Hi Anushik,
The ARIS 9.8.10 uses elasticsearch 1.7.5, where you find the "1.4.2" ? ....
 

BR

AO

Hello Andre,

Can you help us on how to identify the elasticsearch version in Aris application.

That may be of help for us.

We will follow your steps to identify the version installed.

Hi Anushik,
Please check using this URL: http://localhost:19976/ ( on the Server ) and will see version... number... or http://<servername>:19976 

BR
AO

Hello ,

We have gone through the version and it is 1.4.2.

Can you also help us to identify the ARis version on server?

Hi

Sure, please check this log:

server\bin\work\work_abs_s\base\webapps\abs\log\server.log
 And the line "start server:  x x x x x"

Let me know

BR

AO

This is what we got from the location shared by you.

It seems the version we have is 9.8.

Also can you please share with us your contact number or skype ID so that we can contact you once and make you understand the issue and you can provide us the solution if possible.

Hi  Anushik,

Sure, provide me your skype user id and I will find you.

BR

AO