How to secure the transport protocol port [default 9300]..

Anushik Soni on January 9, 2020

Issue: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253.

Solution: Users that do not want to upgrade can address the vulnerability by securing the transport protocol port (default 9300) to allow access by only trusted agents.

Query: How can we secure the transport protocol port [default 9300] where ElasticSearch and ARis application are running on same server.

http://www.nessus.org/u?c6b6cf1a

Bookmark

Notify Moderator

Best Reply

André Vitor Oliveira on January 14, 2020 - 13:24

Hi Anushik

The ARIS 9.8.10 uses elasticsearch 1.7.5, and this version is more higher that version with the issue related, then it means that issue was fixed in this version but you can confirm with nessus.org

BR

AO

or register to reply.

Show in context Notify Moderator

12 Replies

André Vitor Oliveira on January 9, 2020 - 20:03

Hi Anushik,

Which ARIS version do you have ? this is important to know ...

For example to the ARIS 10 SR1 the Elastic Search provided with the ARIS is ElasticSearch version 5.6.10

BR

AO

or register to reply.

Notify Moderator

Anushik Soni Author on January 10, 2020 - 09:09 as Reply to André Vitor Oliveira

Hi Andre Vitor Oliveira,

Thanks for your response. We have Aris 9.8.10 version. Please let us know anthing else required from our end.

Attachments

Aris version.PNG

or register to reply.

Notify Moderator

André Vitor Oliveira on January 13, 2020 - 18:00

Hi Anushik,

I'm checking the information and will update you soon

BR

AO

or register to reply.

Notify Moderator

André Vitor Oliveira on January 14, 2020 - 13:24

Best reply

or register to reply.

Notify Moderator

Anushik Soni Author on January 14, 2020 - 15:23

Hello Andre,

Thanks for your response.

The installed version of ElasticSearch is 1.4.2
The required version for removing the vulnerability is either 1.6.1 or 1.7.0

Now we do not want to upgrade the ElasticSearch or ARis application.

However, this vulnerability can also be removed by securing the transport protocol port [9300].

We want to remove the vulnerability following the alternative approach i.e. securing the transport protocol port [9300].

Can you please guide us the process to achive the same.

or register to reply.

Notify Moderator

André Vitor Oliveira on January 16, 2020 - 14:12

Hi Anushik,
The ARIS 9.8.10 uses elasticsearch 1.7.5, where you find the "1.4.2" ? ....

BR

AO

or register to reply.

Notify Moderator

Anushik Soni Author on January 20, 2020 - 13:38

Hello Andre,

Can you help us on how to identify the elasticsearch version in Aris application.

That may be of help for us.

We will follow your steps to identify the version installed.

or register to reply.

Notify Moderator

André Vitor Oliveira on January 22, 2020 - 14:46

Hi Anushik,
Please check using this URL: http://localhost:19976/ ( on the Server ) and will see version... number... or http://<servername>:19976

BR
AO

or register to reply.

Notify Moderator

Anushik Soni Author on January 23, 2020 - 20:42

Hello ,

We have gone through the version and it is 1.4.2.

Can you also help us to identify the ARis version on server?

or register to reply.

Notify Moderator

André Vitor Oliveira on January 24, 2020 - 21:36

Hi

Sure, please check this log:

server\bin\work\work_abs_s\base\webapps\abs\log\server.log
And the line "start server: x x x x x"

Let me know

BR

AO

or register to reply.

Notify Moderator

Anushik Soni Author on January 26, 2020 - 10:18

This is what we got from the location shared by you.

It seems the version we have is 9.8.

Also can you please share with us your contact number or skype ID so that we can contact you once and make you understand the issue and you can provide us the solution if possible.

or register to reply.

Notify Moderator

André Vitor Oliveira on January 29, 2020 - 21:56

Hi Anushik,

Sure, provide me your skype user id and I will find you.

BR

AO

or register to reply.

Notify Moderator

How to secure the transport protocol port [default 9300]..

Best Reply

12 Replies

ARIS Roadshow 2025 in Crystal City

PzM Summit Austria

ARIS Roadshow 2025 in Amsterdam

BPM Summit