This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Elastic reports :
Vulnerability Summary: Elasticsearch versions 1.3.x and prior have a
default configuration for CORS that allows an attacker to craft links
that could cause a user's browser to send requests to Elasticsearch
instances on their local network. These requests could cause data loss
Remediation Summary: Users should either set 'http.cors.enabled' to
false, or set 'http.cors.allow-origin' to the value of the server that
should be allowed access, such as localhost or a server hosting
Kibana. Disabling CORS entirely with the former setting is more
secure, but may not be suitable for all use cases.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true