Lucene search
K

4 matches found

OSV
OSV
added 2017/08/09 4:29 p.m.7 views

UBUNTU-CVE-2015-4165

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...

7.5CVSS7.4AI score0.0445EPSS
Exploits1References2
CVE
CVE
added 2017/08/09 4:0 p.m.97 views

CVE-2015-4165

Elasticsearch CVE-2015-4165 affects versions 1.0.0 through 1.5.2. The vulnerability leverages the snapshot API to place writeable snapshot metadata files in locations read by another application, which could lead to arbitrary code execution when the Java VM running Elasticsearch can write to such...

7.5CVSS7.4AI score0.0445EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.50 views

Elasticsearch vulnerability CVE-2015-4165

Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to...

6CVSS3.8AI score0.0445EPSS
Exploits1
0day.today
0day.today
added 2015/06/10 12:0 a.m.69 views

Elasticsearch 1.5.2 File Creation Vulnerability

Elasticsearch versions 1.0.0 through 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create...

6CVSS0.3AI score0.0445EPSS
Exploits1
Rows per page
Query Builder