Directory Traversal Vulnerability in Elasticsearch by Elastic
CVE-2015-3337

Currently unrated

Key Information:

Vendor: Elastic
Status: Elasticsearch
Vendor: CVE Published:; 1 May 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 91%

What is CVE-2015-3337?

A directory traversal vulnerability exists in Elasticsearch prior to version 1.4.5 and in the 1.5.x branch before version 1.5.2. This vulnerability can be exploited when a site plugin is enabled, allowing remote attackers to access and read arbitrary files on the server through unspecified vectors. This could lead to unauthorized information disclosure, making it critical for users to upgrade to the patched versions to mitigate potential security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-3337 - Proof of Concept

CVE-2015-3337
Created by jas502n

References

http://www.securityfocus.com/bid/74353

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/131646/Elasticsearch...

x_refsource_MISC

http://www.securityfocus.com/archive/1/535385

mailing-listx_refsource_BUGTRAQ

EPSS Score

91% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 21, 2019
👾
Exploit known to exist
Jun 21, 2019
Vulnerability published
May 1, 2015
Vulnerability Reserved
Apr 20, 2015

CVE-2015-3337 Data

JSON