We are using ElasticSearch software for our application in our Project. But we are getting the following vulnerabilities from the security team
HTTP DELETE Method Enabled
The Web server contains a flaw that may allow a remote attacker to delete arbitrary files by using the HTTP method 'DELETE', resulting in a loss of integrity.
Target Port: 9200/TCP
Please help me on fixing this vulnerability.
ElasticSearch Version: 7.8.1
Delete methods are used to manage a variety of assets in elasticsearch like indices, documents, users, alerts etc.
You should enable elasticsearch security to assign appropriate permissions
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.