Vulnerability CVE-2015-5531

Vulnerability Name:

CVE-2015-5531 (CCN-104848)

Assigned:

2015-07-16

Published:

2015-07-16

Updated:

2018-10-09

Summary:

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-5531

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html

Source: CCN
Type: BugTraq Mailing List, Thu, 16 Jul 2015 10:19:58 -0700
Elasticsearch CVE-2015-5531

Source: CCN
Type: ElasticSearch Web site
ElasticSearch

Source: CCN
Type: IBM Security Bulletin 1964010
Multiple security vulnerabilities in ElasticSearch might affect Process Federation Server (PFS) in IBM Business Process Manager (BPM) - CVE-2015-5531, CVE-2015-5377

Source: BUGTRAQ
Type: UNKNOWN
20150716 Elasticsearch CVE-2015-5531

Source: BID
Type: UNKNOWN
75935

Source: CCN
Type: BID-75935
Elasticsearch CVE-2015-5531 Directory Traversal Vulnerability

Source: XF
Type: UNKNOWN
elasticsearch-cve20155531-dir-trav(104848)

Source: CCN
Type: Packet Storm Security [10-01-2015]
ElasticSearch Path Traversal Arbitrary File Download

Source: CCN
Type: Packet Storm Security [10-14-2015]
ElasticSearch Snapshot API Directory Traversal

Source: CONFIRM
Type: Vendor Advisory
https://www.elastic.co/community/security/

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-02-2015]

Source: EXPLOIT-DB
Type: UNKNOWN
38383

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
ElasticSearch Snapshot API Directory Traversal

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-5531

Vulnerable Configuration:

Configuration 1:

cpe:/a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* (Version <= 1.6.0)

Configuration CCN 1:

cpe:/a:elasticsearch:elasticsearch:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:elasticsearch:elasticsearch:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:anynines:elasticsearch:1.0.0:*:*:*:*:pivotal_cloud_foundry:*:*

OR cpe:/a:elasticsearch:elasticsearch:1.6.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:business_process_manager:8.5.6:*:*:*:advanced:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.artful:def:20155531000	V	CVE-2015-5531 on Ubuntu 17.10 (artful) - low.	2015-08-17
oval:com.ubuntu.xenial:def:20155531000	V	CVE-2015-5531 on Ubuntu 16.04 LTS (xenial) - low.	2015-08-17
oval:com.ubuntu.xenial:def:201555310000000	V	CVE-2015-5531 on Ubuntu 16.04 LTS (xenial) - low.	2015-08-17

BACK