Elasticsearch Groovy Search Sandbox Bypass Vulnerability
危険度: 高
情報公開日: 7 21, 2015
概要
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1006793