CVE-2015-5531

Опубликовано: 17 авг. 2015

Источник: debian

EPSS Критический

Описание

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
elasticsearch	fixed	1.6.1+dfsg-1		package
elasticsearch	end-of-life		jessie	package

Примечания

https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security

EPSS

Процентиль: 100%

0.91581

Критический

Связанные уязвимости

CVE-2015-5531

ubuntu

больше 10 лет назад

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

CVE-2015-5531

redhat

больше 10 лет назад

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

CVE-2015-5531

nvd

больше 10 лет назад

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

GHSA-jjq8-vfjq-j6v4

github

больше 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch

EPSS

Процентиль: 100%

0.91581

Критический