Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-1427
HistoryFeb 17, 2015 - 12:00 a.m.

CVE-2015-1427

2015-02-1700:00:00
ubuntu.com
ubuntu.com
21

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.86 High

EPSS

Percentile

98.5%

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before
1.4.3 allows remote attackers to bypass the sandbox protection mechanism
and execute arbitrary shell commands via a crafted script.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.86 High

EPSS

Percentile

98.5%