A bit of description change

wchen-r7 · wchen-r7 · commit dfa61b316ec7 · 2014-05-29T12:20:40.000-05:00
diff --git a/modules/exploits/multi/elasticsearch/script_mvel_rce.rb b/modules/exploits/multi/elasticsearch/script_mvel_rce.rb
@@ -16,11 +16,11 @@ def initialize(info = {})
       'Name'           => 'ElasticSearch Dynamic Script Arbitrary Java Execution',
       'Description'    => %q{
         This module exploits a remote command execution vulnerability in ElasticSearch,
-        exploitable by default on ElasticSearch prior to 1.2.0. The problem exists on
-        the REST API, accessible without authentication, neither authorization, where
-        the search function allows for dynamic scripts execution, which allows remote
-        attackers to execute arbitrary Java code. This module has been tested successfully
-        on ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.
+        exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the
+        REST API, which requires no authentication or authorization, where the search
+        function allows dynamic scripts execution, and can be used for remote attackers
+        to execute arbitrary Java code. This module has been tested successfully on
+        ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.
       },
       'Author'         =>
         [
