FreeBSD: A71E7440-1BA3-11E5-B43D-002590263BF5
Apr 27, 2015 - 12:00 a.m.

elasticsearch -- directory traversal attack with site plugins

2015-04-27 00:00:00
vuxml.freebsd.org

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.962 High
Percentile: 99.5%

Elastic reports:

Vulnerability Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch when one or more site plugins are installed, or when Windows is the server OS.

Remediation Summary: Users should upgrade to 1.4.5 or 1.5.2. Users that do not want to upgrade can address the vulnerability by disabling site plugins. See the CVE description for additional options.

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | elasticsearch | < 1.4.5 | UNKNOWN
