CVE-2015-3337

Related Files

ElasticSearch Directory Traversal Proof Of Concept

Posted May 1, 2015

Authored by John Heasman, Pedro Andujar

ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5.

tags | exploit, proof of concept

advisories | CVE-2015-3337

SHA-256 | b8dc5f1df82809852d6a77c351c7f2eb981f60244033ee5ab50a39260d9b0d1a

Download | Favorite | View

Debian Security Advisory 3241-1

Posted Apr 30, 2015

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3241-1 - John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.

tags | advisory

systems | linux, debian

advisories | CVE-2015-3337

SHA-256 | fce5038a8b3f95eef78c548ff16d6571a4ba1f233ef9e0f3f8b8cd11472f084c

Download | Favorite | View

Elasticsearch Directory Traversal

Posted Apr 27, 2015

Authored by John Heasman

All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.

tags | advisory, file inclusion

advisories | CVE-2015-3337

SHA-256 | e14bc9f35bf13a67b98981ea4b74e9432b3624b8a7bccf2d1aad94a07d646fee

Download | Favorite | View