Need upgraded version of elasticsearch jar in DevTest 10.3

Article ID: 110069

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder) CA Service Virtualization (DevTest / LISA / VSE / Application Test)

Issue/Introduction

After a network scan, an "Elasticsearch Transport Protocol Unspecified Remote Code Execution" vulnerability was found. This protocol uses port 9200, and that port is used by DevTest components such as Portal Services, VSE and so on.

The scan reports a critical network vulnerability on port 9200 for Elasticsearch. Upgraded Elasticsearch jars are needed in DevTest 10.3. The version currently shipped is elasticsearch-1.5.2.jar.

Environment

DEVTEST 10.3 

Resolution

The Elasticsearch jar in DevTest will be upgraded to version 1.6.1 only in the DevTest 10.4 release.

Additional Information

https://www.tenable.com/plugins/nessus/105752