4 matches found
UBUNTU-CVE-2015-4165
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...
CVE-2015-4165
Elasticsearch CVE-2015-4165 affects versions 1.0.0 through 1.5.2. The vulnerability leverages the snapshot API to place writeable snapshot metadata files in locations read by another application, which could lead to arbitrary code execution when the Java VM running Elasticsearch can write to such...
Elasticsearch vulnerability CVE-2015-4165
Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to...
Elasticsearch 1.5.2 File Creation Vulnerability
Elasticsearch versions 1.0.0 through 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create...