i was using release *elasticsearch-0.90.5* in my exploited server, so maybe this is already fixed in current release by disabling script.disable_dynamic by default
https://github.com/elasticsearch/elasticsearch/issues/5853 (besides not exposing port 9200 outside) -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3772e3b3-9b82-4018-8468-392ee2f1c4b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
