Required CVE Record Information
Description
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
References 6 Total
- securityfocus.com: 74353 vdb-entry
- http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html
- securityfocus.com: 20150427 Elasticsearch vulnerability CVE-2015-3337 mailing-list
- exploit-db.com: 37054 exploit
- https://www.elastic.co/community/security
- debian.org: DSA-3241 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- securityfocus.com: 74353 vdb-entryx_transferred
- http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html x_transferred
- securityfocus.com: 20150427 Elasticsearch vulnerability CVE-2015-3337 mailing-listx_transferred
- exploit-db.com: 37054 exploitx_transferred
- https://www.elastic.co/community/security x_transferred
- debian.org: DSA-3241 vendor-advisoryx_transferred