CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS: 0.013 Low
Percentile: 85.9%

Elasticsearch is prone to an arbitrary code-execution vulnerability.
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:elastic:elasticsearch";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108363");
  script_version("2023-07-20T05:05:17+0000");
  script_cve_id("CVE-2015-4165");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-09 19:57:00 +0000 (Tue, 09 Oct 2018)");
  script_tag(name:"creation_date", value:"2018-03-01 16:01:42 +0100 (Thu, 01 Mar 2018)");

  script_name("Elasticsearch < 1.6.0 Arbitrary Code Execution Vulnerability");

  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_dependencies("gb_elastic_elasticsearch_detect_http.nasl");
  script_mandatory_keys("elastic/elasticsearch/detected");

  script_xref(name:"URL", value:"https://www.elastic.co/community/security/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/75113");

  script_tag(name:"summary", value:"Elasticsearch is prone to an arbitrary code-execution vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"impact", value:"An attacker could exploit this issue to
  execute arbitrary code in the context of the application.");

  script_tag(name:"insight", value:"The snapshot API in Elasticsearch before 1.6.0
  when another application exists on the system that can read Lucene files and
  execute code from them, is accessible by the attacker, and the Java VM on which
  Elasticsearch is running can write to a location that the other application can
  read and execute from, allows remote authenticated users to write to and create
  arbitrary snapshot metadata files, and potentially execute arbitrary code.");

  script_tag(name:"affected", value:"Elasticsearch version 1.0.0 through 1.5.2.");

  script_tag(name:"solution", value:"Update to Elasticsearch version 1.6.0,
  or later.");

  # Only vulnerable in specific circumstances
  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

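include("version_func.inc");
include("host_details.inc");

# Port and version are the values recorded by the detection script
# listed in script_dependencies; stop quietly if either is missing.
if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );

# Report only versions in the affected range 1.0.0 through 1.5.2.
if( version_in_range( version:vers, test_version:"1.0.0", test_version2:"1.5.2" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"1.6.0" );
  security_message( port:port, data:report );
  exit( 0 );
}

# Version is outside the affected range.
exit( 99 );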
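
The script above reports on version alone and marks the result `remote_banner_unreliable` because the issue only applies in specific circumstances. The following is an added triage example, not Greenbone's or Elastic's code: it pairs the same version range with a review of registered `fs` snapshot repositories, the locations the Elasticsearch JVM writes snapshot files to. The function names, verdict strings, approved-directory list and both sample responses (shaped like `GET /` and `GET /_snapshot` output) are assumptions constructed for illustration.

```python
import json
import re
from pathlib import PurePosixPath

AFFECTED_MIN, AFFECTED_MAX = (1, 0, 0), (1, 5, 2)  # range used by the script above

# Constructed sample responses (not captured from a real host).
BANNER = '{"status":200,"name":"node-1","version":{"number":"1.5.2"},"tagline":"You Know, for Search"}'
SNAPSHOTS = ('{"nightly":{"type":"fs","settings":{"location":"/srv/es-backups/nightly"}},'
             '"adhoc":{"type":"fs","settings":{"location":"/var/www/shared"}},'
             '"offsite":{"type":"s3","settings":{"bucket":"example-bucket"}}}')

def parse_version(banner_json):
    """Return (major, minor, patch) from the banner, or None if it cannot be read."""
    try:
        number = json.loads(banner_json)["version"]["number"]
    except (ValueError, KeyError, TypeError):
        return None
    # Pre-release suffixes are dropped, so "1.6.0-SNAPSHOT" is treated as 1.6.0.
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", str(number))
    return tuple(int(p) for p in m.groups()) if m else None

def in_affected_range(version):
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def fs_repos_outside(snapshot_json, approved_dirs):
    """Names of 'fs' repositories whose location is not under an approved directory."""
    approved = [PurePosixPath(d) for d in approved_dirs]
    flagged = []
    for name, repo in json.loads(snapshot_json).items():
        if repo.get("type") != "fs":
            continue  # only shared-filesystem repositories write to local paths
        loc = PurePosixPath(repo.get("settings", {}).get("location", ""))
        inside = any(loc == d or d in loc.parents for d in approved)
        if ".." in loc.parts or not inside:
            flagged.append(name)
    return sorted(flagged)

def triage(banner_json, snapshot_json, approved_dirs):
    """Combine the banner version check with the repository review."""
    version = parse_version(banner_json)
    if version is None:
        return "unknown-version"
    if not in_affected_range(version):
        return "not-affected"
    if fs_repos_outside(snapshot_json, approved_dirs):
        return "affected-review-repos"
    return "affected-version-only"
```
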