Elasticsearch 1.6.0 Directory Traversal

Published
Credit
Risk
2015.07.17
Benjamin Smith
Medium
CWE
CVE
Local
Remote
CWE-22
CVE-2015-5531
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

Summary:
Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.

We have been assigned CVE-2015-5531 for this issue.


Fixed versions:
Versions 1.6.1 and 1.7.0 address the vulnerability.


Remediation:
Users should upgrade to the 1.6.1 or 1.7.0 releases. Users that do not wish to upgrade can use a firewall, reverse proxy, or Shield to prevent snapshot API calls from untrusted sources.


CVSS
Overall CVSS score: 2.6


Credits:
Benjamin Smith reported the issue.

References:

http://cxsecurity.com/issue/WLB-2015070080


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com