SecurityHome.eu Security vulnerability: Elasticsearch Directory Traversal

Home / vulnerabilities PDF

Elasticsearch Directory Traversal
Posted on 17 July 2015
Source : packetstormsecurity.org Link

Summary:
Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.

We have been assigned CVE-2015-5531 for this issue.

Fixed versions:
Versions 1.6.1 and 1.7.0 address the vulnerability.

Remediation:
Users should upgrade to the 1.6.1 or 1.7.0 releases. Users that do not wish to upgrade can use a firewall, reverse proxy, or Shield to prevent snapshot API calls from untrusted sources.

CVSS
Overall CVSS score: 2.6

Credits:
Benjamin Smith reported the issue.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Docker Privileged Container Kernel Escape
Systemd Insecure PTY Handling
SOPlanning 1.52.00 Cross Site Scripting
SOPlanning 1.52.00 Cross Site Request Forgery
SOPlanning 1.52.00 SQL Injection

Last 20