Immunity, Inc.
Name elasticsearch_CVE_2015_1427
CVE CVE-2015-1427
Exploit Pack CANVAS
Description: elasticsearch_CVE-2015-1427
Notes: CVE Name: CVE-2015-1427
VENDOR: elastic
Notes:
Elasticsearch versions 1.3.x before 1.3.8 and 1.4.x before 1.4.3 have dynamic scripting
features enabled by default, using Groovy as the scripting language.
There is a Groovy sandbox bypass that can be used to obtain remote code execution through Groovy scripts.

Elasticsearch version 1.4.3 disabled dynamic scripting by default and improved the Groovy
sandbox by adding certain methods to its blacklist check.

However, Immunity found that for versions 1.4.3 and later there are still other bypasses of the
Groovy sandbox if dynamic scripts are manually enabled in the configuration file
config/elasticsearch.yml by adding the following lines:
script.inline: sandbox
script.groovy.sandbox.enabled: true


Repeatability: Infinite
References: http://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1427

Learn more about the CANVAS Exploit Pack here: CANVAS