Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Elasticsearch 1.5.2 File Creation Vulnerability

🗓️ 10 Jun 2015 00:00:00Reported by Kevin KlugeType 
zdt
 zdt🔗 0day.today👁 42 Views

Elasticsearch 1.5.2 File Creation Vulnerability, CVE-2015-4165, requires several conditions for exploitation and can be fixed by upgrading to version 1.6.0

Related
Code
ReporterTitlePublishedViews
Family
FreeBSD		elasticsearch -- security fix for shared file-system repositories
9 Jun 201500:00
freebsd
CNVD		Elasticsearch Arbitrary Code Execution Vulnerability
24 Jun 201500:00
cnvd
CVE		CVE-2015-4165
9 Aug 201716:00
cve
Cvelist		CVE-2015-4165
9 Aug 201716:00
cvelist
Elastic		Elasticsearch Engineered Attack Vulnerability CVE-2015-4165
9 Jun 201521:40
elastic
EUVD		EUVD-2022-3784
3 Oct 202520:07
euvd
Tenable Nessus		FreeBSD : elasticsearch -- security fix for shared file-system repositories (23232028-1ba4-11e5-b43d-002590263bf5)
26 Jun 201500:00
nessus
Github Security Blog		Improper Access Control in Elasticsearch
14 May 202202:48
github
NVD		CVE-2015-4165
9 Aug 201716:29
nvd
OpenVAS		Elasticsearch < 1.6.0 Arbitrary Code Execution Vulnerability
1 Mar 201800:00
openvas
Rows per page
Summary:
Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system.  The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process.  It is possible to create a file that another application could read and take action on, such as code execution.

This vulnerability requires several conditions to be exploited.  There must be some other application running on the system that would read Lucene files and execute code from them.  That application must also be accessible to the attacker, e.g. over the network.  Lastly, the Java VM running the Elasticsearch process must be able to write into a location that the other application will read and potentially execute.

We have been assigned CVE-2015-4165 for this issue.


Fixed versions:
Version 1.6.0 address the vulnerability by adding configuration to limit the filesystem paths that the Java VM can write into.


Remediation:
Users should upgrade to the 1.6.0 release.

Users that do not want to upgrade can address the vulnerability in any of several ways:
- ensure that there are no other applications running on the Elasticsearch server
- ensure that the Elasticsearch JVM cannot write a directory that other applications read from
- use a firewall, reverse proxy, or Shield to prevent snapshot API calls from some or all users
- ensure that other applications running on the server are not accessible to attackers

#  0day.today [2018-03-28]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Jun 2015 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.01709
elasticsearch vulnerabilityfile creationcve-2015-4165exploit conditionsupgradevulnerability fixconfiguration limitremediation optionsfirewall protectionreverse proxyshield integration
42