

CVE-2015-1427 Remote Code Execution in Elasticsearch - symkat
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1427

======
symkat
If you're running a vulnerable version, (especially world-accessible,) you
should upgrade and firewall off ES as soon as possible.

I found about 10 different local privilege escalation exploits sitting in /tmp
and a handful of reverse shells running this evening =(

