Elasticsearch Groovy Search Sandbox Bypass Vulnerability

2015年7月21日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 高

概要

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1006793