Elastic Elasticsearch < 1.3.8, 1.4.x < 1.4.3 Groovy Scripting Engine Unauthenticated RCE Vulnerability - Active Check CVE-2015-1427

Name: Elastic Elasticsearch < 1.3.8, 1.4.x < 1.4.3 Groovy Scripting Engine Unauthenticated RCE Vulnerability - Active Check (CVE-2015-1427)
Published: 2018-01-02T00:00:00.000Z

Severity
EPSS Score
EPSS Percentile

Vulnerability description: Not available
Risk description: Not available
Recommendation: Not available
References: https://web.archive.org/web/20240815055759/https://www.elastic.co/blog/elasticsearch-1-4-3-and-1-3-8-released https://discuss.elastic.co/t/elasticsearch-1-4-3-and-1-3-8-release-including-cve/22123 https://www.trendmicro.com/en_us/research/19/g/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies.html https://web.archive.org/web/20210506011817/http://www.securityfocus.com/bid/72585 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Codename: Not available

Detectable with: Network Scanner
Scan engine: OpenVAS
Cisa Kev: Yes
Exploitable with Sniper: No
CVE Published: Not available
Detection added at: Jan 2, 2018
Software Type: Not available
Vendor: Not available
Product: Not available

Detect this vulnerability now!

Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.

Try the Free Edition Compare paid plans

Elastic Elasticsearch < 1.3.8, 1.4.x < 1.4.3 Groovy Scripting Engine Unauthenticated RCE Vulnerability - Active Check CVE-2015-1427

Detect this vulnerability now!

One of EMEA's fastest-growing tech companies.

48,000+ security folks are here. Are you?

More than demos - real faces, real insight.

Security leaders trust what they can prove