CN

CyberNewsUz

Threat Intelligence Portal

LOADING0%

Yangiliklar CVE Tracker Exploitlar Hujumlar Xarita

CN

CyberNewsUz

Threat Intelligence Portal

LOADING0%

O'zbek tilidagi kiberxavfsizlik portali. Yangiliklar, CVE tracker, hujumlar bazasi.

Yangiliklar

Barcha yangiliklar
Hujumlar
Zayifliklar
O'zbekiston
Jahon

Asboblar

CVE Tracker
Exploit DB
Hujumlar bazasi
Threat xarita

Loyiha

Biz haqimizda

© 2026 CyberNewsUz. Barcha huquqlar himoyalangan.

CVE Tracker ga qaytish

CVE-2015-1427

Kritik(9.8)

Elasticsearch-dagi Groovy skript mexanizmi 1.3.8-dan oldin va 1.4.x-dan 1.4.3-dan oldin masofaviy hujumchilarga sinov muhitini himoya qilish mexanizmini chetlab o'tishga va yaratilgan skript orqali o'zboshimchalik bilan qobiq buyruqlarini bajarishga imkon beradi.

Vendor

Elastic

Product

Elasticsearch

CVSS Score

9.8

Nashr sanasi

17-fev, 2015

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Manbalar

http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html
http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html
http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/
http://www.securityfocus.com/archive/1/534689/100/0/threaded
http://www.securityfocus.com/bid/72585

Yangi kritik zaifliklar

CyberNewsUz — CVE-2015-1427