From gbhackers.com
![Elasticsearch Servers](https://i2.wp.com/1.bp.blogspot.com/-dpEcdAWbjvI/XT5jRVkn-wI/AAAAAAAADUQ/rUiMXuos-Ig3AG9BUBvoEpP6X5AgRBpIACLcBGAs/s1600/Elasticsearch%2BServers.png?w=696&ssl=1)
A new multistage attack exploits Elasticsearch servers through an old, unpatched vulnerability, invoking a shell with a crafted query and encoded Java commands. The attack aims to deliver the BillGates/Setag backdoor to vulnerable Elasticsearch servers.
The attack targets an already patched vulnerability in the Groovy scripting engine (versions 1.3.0 – 1.3.7 and 1.4.0 – 1.4.2), tracked as CVE-2015-1427. It allows attackers to evade the sandbox and execute arbitrary shell commands via a crafted script.
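To check an inventory against the version ranges quoted above, the following added example (not code from the article) classifies hosts from the JSON body that an Elasticsearch node returns on its root endpoint. It assumes the version is read from the `version.number` field; the hostnames and banner bodies are constructed samples.

```python
import json
import re

# Affected ranges exactly as the article states them (inclusive).
AFFECTED_RANGES = [((1, 3, 0), (1, 3, 7)), ((1, 4, 0), (1, 4, 2))]
CVE = "CVE-2015-1427"

def parse_version(text):
    """Return (major, minor, patch) from strings like '1.4.2' or '1.3.7-SNAPSHOT'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True/False for a parseable version, None when it cannot be parsed."""
    v = parse_version(version_text)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def audit(banners):
    """Map host -> 'affected' | 'not-affected' | 'unknown' from root-endpoint JSON."""
    report = {}
    for host, body in banners.items():
        try:
            number = json.loads(body)["version"]["number"]
            verdict = is_affected(str(number))
        except (ValueError, KeyError, TypeError):
            verdict = None  # not JSON, or not an Elasticsearch banner
        report[host] = {True: "affected", False: "not-affected", None: "unknown"}[verdict]
    return report

# Constructed sample inventory: host -> body returned by GET / on port 9200.
SAMPLE_BANNERS = {
    "es-a.example.internal": '{"status":200,"version":{"number":"1.4.2"}}',
    "es-b.example.internal": '{"status":200,"version":{"number":"1.3.8"}}',
    "es-c.example.internal": '{"status":200,"version":{"number":"1.3.7-SNAPSHOT"}}',
    "es-d.example.internal": '{"version":{"number":"6.8.1"}}',
    "proxy.example.internal": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{host:28} {verdict:13} ({CVE})")
```

Hosts reported as `unknown` did not return a parseable banner and need a manual check rather than being treated as safe.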