Web Attack: ElasticSearch Remote Code Execution CVE-2015-1427

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Additional Information

Elasticsearch is an open-source search engine.

Elasticsearch is prone to a security-bypass vulnerability in the Groovy scripting engine. An attacker can construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.

Affected

  • Various versions of Elasticsearch