fi3ro / CVE-2015-5377 Public

Notifications You must be signed in to change notification settings
Fork 0
Star 2

Java deserialization exploit for elasticsearch 1.5.2 CVE-2015-5377

2 stars 0 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
CVE-2015-5377.py		CVE-2015-5377.py
README.md		README.md

Repository files navigation

CVE-2015-5377

Elasticsearch 1.5.2 is vulnerable to RCE through insecure java deserialization.

The exploit attack the transport protocol on port 9300. The deserialization is based on Groovy MethodClosure chain to achive RCE.

About

Java deserialization exploit for elasticsearch 1.5.2 CVE-2015-5377

Report repository

Releases

No releases published

Packages

No packages published

Languages

Python 100.0%