Vulnerability Name:

CVE-2015-3337 (CCN-102607)

Assigned:2015-04-27
Published:2015-04-27
Updated:2015-06-25
Summary:Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2015-3337

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html

Source: CCN
Type: BugTraq Mailing List, Mon, 27 Apr 2015 15:47:22 +0200
Elasticsearch vulnerability CVE-2015-3337

Source: DEBIAN
Type: UNKNOWN
DSA-3241

Source: CCN
Type: ElasticSearch Web site
ElasticSearch

Source: BUGTRAQ
Type: UNKNOWN
20150427 Elasticsearch vulnerability CVE-2015-3337

Source: BID
Type: Exploit
74353

Source: CCN
Type: BID-74353
Elasticsearch CVE-2015-3337 Directory Traversal Vulnerability

Source: XF
Type: UNKNOWN
elasticsearch-cve20153337-dir-traversal(102607)

Source: CCN
Type: Packet Storm Security [05-01-2015]
ElasticSearch Directory Traversal Proof Of Concept

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.elastic.co/community/security

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-18-2015]

Source: EXPLOIT-DB
Type: Exploit
37054

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-3337

Vulnerable Configuration:Configuration 1:
  • cpe:/a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* (Version <= 1.4.4)
  • OR cpe:/a:elasticsearch:elasticsearch:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:elasticsearch:elasticsearch:1.5.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:elasticsearch:elasticsearch:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:elasticsearch:elasticsearch:1.4.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.cisecurity:def:76
    P
    		DSA-3241-1 -- elasticsearch -- security update
    2016-02-08
    BACK
    elasticsearch elasticsearch *
    elasticsearch elasticsearch 1.5.0
    elasticsearch elasticsearch 1.5.1
    elasticsearch elasticsearch 1.5.1
    elasticsearch elasticsearch 1.4.4