Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add module for CVE-2015-1427, elasticsearch groovy code injection #4907
This module adds a msf module for CVE-2015-1427, a RCE in elasticsearch due to the groovy sandbox bypass discovered recently. Also improves the old script_mvel_rce check to avoid false positives.
This module has been tested with Elastic 1.4.2 on Ubuntu 12.04 server (32 bits) and Windows.