Critical severity9.8NVD Advisory· Published Mar 6, 2018· Updated Jun 17, 2026
CVE-2015-5377
CVE-2015-5377
Description
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<1.6.1+ 1 more
- (no CPE)range: <1.6.1
- (no CPE)range: <1.6.1
- Range: <1.6.1
Patches
Vulnerability mechanics
References
4- github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2nvdPatchThird Party Advisory
- www.securityfocus.com/bid/75938nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-15-365/nvdThird Party AdvisoryVDB Entry
- discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736nvdVendor Advisory
News mentions
0No linked articles in our index yet.