Описание
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-5531
- https://www.elastic.co/community/security
- https://www.exploit-db.com/exploits/38383
- http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html
- http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html
- http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html
Пакеты
org.elasticsearch:elasticsearch
<= 1.6.0
1.6.1
Связанные уязвимости
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows ...