Lucene search
GoogleOSV:DSA-3241-1HistoryApr 29, 2015 - 12:00 a.m.
elasticsearch - security update
2015-04-2900:00:00
Google
osv.dev
4
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
John Heasman discovered that the site plugin handling of the
Elasticsearch search engine was susceptible to directory traversal.
For the stable distribution (jessie), this problem has been fixed in
version 1.0.3+dfsg-5+deb8u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your elasticsearch packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| elasticsearch | eq | 1.0.3+dfsg-5 |
References
Related
nessus
nessus
ubuntucve
ubuntucve
CVE-2015-3337
2015-05-01 00:00:00
freebsd
freebsd
elasticsearch -- directory traversal attack with site plugins
2015-04-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 3241-1 (elasticsearch - security update)
2015-04-29 00:00:00
Debian: Security Advisory (DSA-3241-1)
2015-04-28 00:00:00
Elasticsearch Directory Traversal Vulnerability
2015-05-05 00:00:00
osv
osv
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
2022-05-17 04:12:25
exploitpack
exploitpack
ElasticSearch 1.4.5 1.5.2 - Directory Traversal
2015-05-18 00:00:00
cvelist
cvelist
CVE-2015-3337
2015-05-01 15:00:00
packetstorm
packetstorm
ElasticSearch Directory Traversal Proof Of Concept
2015-05-01 00:00:00
prion
prion
Directory traversal
2015-05-01 15:59:00
debian
debian
[SECURITY] [DSA 3241-1] elasticsearch security update
2015-04-29 20:33:18
nuclei
nuclei
Elasticsearch - Local File Inclusion
2021-03-24 20:51:43
cve
cve
CVE-2015-3337
2015-05-01 15:59:00
securityvulns
securityvulns
Elasticsearch vulnerability CVE-2015-3337
2015-05-05 00:00:00
Elasticsearch directory traversal
2015-05-05 00:00:00
[SECURITY] [DSA 3241-1] elasticsearch security update
2015-05-05 00:00:00
github
github
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
2022-05-17 04:12:25
exploitdb
exploitdb
ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal
2015-05-18 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related for OSV:DSA-3241-1