ElasticSearch Dynamic Script - Arbitrary Java Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Dynamic Script Arbitrary Java Execution', 'Description' = %q This module exploits a remote command execution...

ElasticSearch search Remote Code Execution (CVE-2014-3120)

A remote command execution vulnerability has been found in ElasticSearch. The vulnerability is due to the search function in the REST API which does not require authentication and allows dynamic scripts execution. A remote attacker can exploit this weakness to execute arbitrary code via a special...