CVE-2015-1427
Improper Access Control in Elasticsearch
⚠ KEV | EPSS 92.3%
Description
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
How to fix CVE-2015-1427
To remediate CVE-2015-1427, upgrade the affected package to a fixed version below.
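- Maven/org.elasticsearch:elasticsearch: upgrade to 1.3.8 or later (per the description above, 1.4.x releases before 1.4.3 are also affected, so on the 1.4 line upgrade to 1.4.3 or later)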
Is CVE-2015-1427 being exploited?
Yes — CVE-2015-1427 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (1)
- from 0, < 1.3.8