Security News > 2015 > December > Elasticsearch servers actively targeted by botmasters (Help Net Security)
2015-12-03 13:00
Elasticsearch is one of the most popular choices when it comes to enterprise search engines. Unfortunately, a couple of remote code execution flaws (CVE-2015-5377, CVE-2015-1427) discovered and pub...
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/XL4cAy4Ya_4/secworld.php
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-06 | CVE-2015-5377 | Injection vulnerability in Elastic Elasticsearch Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. | 9.8 |
2015-02-17 | CVE-2015-1427 | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. | 9.8 |
Related vendor
VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
Elasticsearch | 8 | 0 | 14 | 1 | 0 | 15 |