Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasELASTICSEARCH_CVE_2015_1427
HistoryFeb 17, 2015 - 3:59 p.m.

Immunity Canvas: ELASTICSEARCH_CVE_2015_1427

2015-02-1715:59:00
Immunity Canvas
exploitlist.immunityinc.com
76

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.867 High

EPSS

Percentile

98.3%

JSON
Name elasticsearch_CVE_2015_1427
CVE CVE-2015-1427 Exploit Pack
VENDOR: elastic
Notes:
Elasticsearch versions 1.3.x before 1.3.8 and 1.4.x before 1.4.3 have dynamic scripting
features enabled by default using Groovy as scripting language.
There is a Groovy sandbox bypass that can be used to obtain Groovy Remote Code Execution.

Elasticsearch version 1.4.3 disabled dynamic scripting by default and improved the Groovy
sandbox by including certain methods to its blacklist check.

However Immunity uncovered that for versions 1.4.3 and greater there are still other bypasses to the Groovy sandbox if dynamic
scripts are manually enabled on the configuration file config/elasticsearch.yml by adding
the following lines:
script.inline: sandbox
script.groovy.sandbox.enabled: true

Repeatability: Infinite
References: http://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1427

Related

openvas 1
securityvulns 2
zdt 2
kitploit 2
prion 1
nuclei 1
packetstorm 2
myhack58 2
cve 1
cisa_kev 1
github 1
ubuntucve 1
osv 1
threatpost 4
nessus 2
freebsd 1
checkpoint_advisories 1
attackerkb 1
n0where 1
veracode 1
metasploit 1
exploitdb 2
nmap 1
impervablog 2
talosblog 1
avleonov 1
redhat 1
openvas
openvas
Elasticsearch Groovy Scripting Engine Unauthenticated Remote Code Execution
2015-03-12 00:00:00
securityvulns
securityvulns
Elasticsearch restrictions bypass
2015-02-22 00:00:00
Elasticsearch vulnerability CVE-2015-1427
2015-02-22 00:00:00
zdt
zdt
ElasticSearch Unauthenticated Remote Code Execution Exploit
2015-03-12 00:00:00
ElasticSearch Search Groovy Sandbox Bypass Exploit
2015-03-12 00:00:00
kitploit
kitploit
Infection Monkey v1.6 - An Automated Pentest Tool
2018-11-26 20:54:00
Infection Monkey - An Automated Pentest Tool
2018-04-29 12:23:00
prion
prion
Design/Logic Flaw
2015-02-17 15:59:00
nuclei
nuclei
ElasticSearch - Remote Code Execution
2021-02-15 18:17:25
packetstorm
packetstorm
ElasticSearch Unauthenticated Remote Code Execution
2015-03-12 00:00:00
ElasticSearch Search Groovy Sandbox Bypass
2015-03-12 00:00:00
myhack58
myhack58
Ann Day honey network captureβ€œuse of the ElasticSearch Groovy vulnerability Monroe coin(Dog)mining”event analysis-vulnerability warning-the black bar safety net
2019-06-26 00:00:00
Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net
2018-12-14 00:00:00
cve
cve
CVE-2015-1427
2015-02-17 15:59:00
cisa_kev
cisa_kev
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
2022-03-25 00:00:00
github
github
Improper Access Control in Elasticsearch
2022-05-14 02:49:44
ubuntucve
ubuntucve
CVE-2015-1427
2015-02-17 00:00:00
osv
osv
Improper Access Control in Elasticsearch
2022-05-14 02:49:44
threatpost
threatpost
NFL Players and Agents Targeted in Database Extortion Attempt
2017-10-09 09:00:39
Elasticsearch Elastichoney Honeypot Shows 8,000 RCE Attacks
2015-05-11 13:18:29
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
2021-02-17 21:39:10
nessus
nessus
FreeBSD : elasticsearch -- remote OS command execution via Groovy scripting engine (026759e0-1ba3-11e5-b43d-002590263bf5)
2015-06-26 00:00:00
Elasticsearch Groovy Script RCE
2015-03-13 00:00:00
freebsd
freebsd
elasticsearch -- remote OS command execution via Groovy scripting engine
2015-02-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Elasticsearch Sandbox Escape Command Execution (CVE-2015-1427)
2015-10-19 00:00:00
attackerkb
attackerkb
CVE-2015-1427
2015-02-17 00:00:00
n0where
n0where
Data Center Security Testing Tool: Infection Monkey
2018-03-18 15:03:48
veracode
veracode
Arbitrary Shell Command Execution In The Groovy Scripting Engine
2015-02-18 17:22:02
metasploit
metasploit
ElasticSearch Search Groovy Sandbox Bypass
2015-03-10 04:04:32
exploitdb
exploitdb
ElasticSearch - Remote Code Execution
2015-03-11 00:00:00
ElasticSearch - Search Groovy Sandbox Bypass (Metasploit)
2015-03-16 00:00:00
nmap
nmap
http-vuln-cve2015-1427 NSE Script
2015-05-21 10:02:56
impervablog
impervablog
Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers
2021-09-13 14:57:52
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
2022-03-31 15:20:03
talosblog
talosblog
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
2019-02-26 10:56:00
avleonov
avleonov
Vulnerability Management at Tinkoff Fintech School
2019-03-04 10:38:31
redhat
redhat
(RHSA-2017:0868) Important: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
2017-04-03 21:01:34

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.867 High

EPSS

Percentile

98.3%

JSON
Related for ELASTICSEARCH_CVE_2015_1427
openvas1securityvulns2zdt2kitploit2prion1nuclei1packetstorm2myhack582cve1cisa_kev1github1ubuntucve1osv1threatpost4nessus2freebsd1checkpoint_advisories1attackerkb1n0where1veracode1metasploit1exploitdb2nmap1impervablog2talosblog1avleonov1redhat1