CVE-2015-3337

EPSS 91.1%

elasticsearch - security update

發布日:2022/5/17修改日:2026/3/9

描述

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

受影響套件(2)

Debian/elasticsearchfrom 0, < 1.0.3+dfsg-5+deb8u1
Maven/org.elasticsearch:elasticsearchfrom 0, < 1.4.5

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3337
WEBhttp://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html
WEBhttps://www.elastic.co/community/security
WEBhttps://www.exploit-db.com/exploits/37054
WEBhttp://www.debian.org/security/2015/dsa-3241