Vulnerability Name: CVE-2015-4152 (CCN-103786)
Assigned: 2015-06-09
Published: 2015-06-09
Updated: 2019-06-17
Summary: Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity:
  6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
  4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE
  Type: CNA
  CVE-2015-4152

  Source: MISC
  Type: UNKNOWN
  http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html

  Source: CCN
  Type: BugTraq Mailing List, Tue, 9 Jun 2015 14:37:36 -0700
  Logstash vulnerability CVE-2015-4152

  Source: BUGTRAQ
  Type: UNKNOWN
  20150609 Logstash vulnerability CVE-2015-4152

  Source: XF
  Type: UNKNOWN
  logstash-cve20154152-dir-traversal(103786)

  Source: CONFIRM
  Type: Vendor Advisory
  https://www.elastic.co/blog/logstash-1-4-3-released

  Source: CONFIRM
  Type: Vendor Advisory
  https://www.elastic.co/community/security/

  Source: CCN
  Type: Elasticsearch Web site
  Download Logstash
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1:
  Denotes that component is vulnerable