Issue: Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253.

Solution: Users that do not want to upgrade can address the vulnerability by securing the transport protocol port (default 9300) to allow access by only trusted agents.

Query: How can we secure the transport protocol port [default 9300] where ElasticSearch and ARis application are running on same server.

http://www.nessus.org/u?c6b6cf1a