HomePentest-Tools.com Logo

Elasticsearch Groovy Scripting Engine Unauthenticated Remote Code Execution CVE-2015-1427

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Elasticsearch is prone to an unauthenticated remote code execution.

Risk description

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. This vulnerability was known to be used by the Setag/BillGates malware in 2019. An attacker can exploit this issue to bypass certain security restrictions and execute code in the context of this application.

Recommendation

Update to 1.3.8/1.4.3 or later. Please see the references for more information.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 17, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available