CVE-2015-3337

EPSS 91.1%

elasticsearch - security update

Published: 5/17/2022Modified: 3/9/2026

Description

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

Affected packages (2)

Debian/elasticsearchfrom 0, < 1.0.3+dfsg-5+deb8u1
Maven/org.elasticsearch:elasticsearchfrom 0, < 1.4.5

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3337
WEBhttp://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html
WEBhttps://www.elastic.co/community/security
WEBhttps://www.exploit-db.com/exploits/37054
WEBhttp://www.debian.org/security/2015/dsa-3241