CVE-2015-3337

Published: 01/05/2015 Updated: 25/06/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Elasticsearch prior to 1.4.5 and 1.5.x prior to 1.5.2, when a site plugin is enabled, allows remote malicious users to read arbitrary files via unspecified vectors.

Vulnerable Product

elasticsearch elasticsearch 1.5.0

elasticsearch elasticsearch 1.5.1

elasticsearch elasticsearch

Vendor Advisories

John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal. For the stable distribution (jessie), this problem has been fixed in version 103+dfsg-5+deb8u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your elasticsearch pack ...
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors ...

Exploits

#!/usr/bin/python # Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign # Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 # Pedro Andujar || twitter: pandujar || email: @segfaultes || @digitalsecnet # Tested on default Linux (deb) install /usr/share/elasticsearch/plugins/ # # Source: github.com/pandujar/elasti ...
ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5 ...

Github Repositories

CVE-2015-3337 ElasticSearch arbitrary file read

CVE-2015-3337: arbitrary file read. 101020166:9200/_plugin/head//////////etc/passwd Usage: python CVE-2015-3337.py

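ElasticSearch directory traversal vulnerability (CVE-2015-3337) test environment. JRE version: openjdk:8-jre. Elasticsearch version: v1.4.4. Affected versions: below 1.4.5 / below 1.5.2. Principle: once a plugin with the "site" feature is installed, the plugin directory can be escaped upward using ../, which results in a directory traversal vulnerability that allows arbitrary files to be read. An Elasticsearch instance with no plugins installed is not affected. Testing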