CVE-2015-3337

NUCLEI

Elasticsearch <1.4.5, <1.5.2 - Path Traversal


Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-3337. PoCs published by pandujar, jas502n. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in ElasticSearch plugins to read arbitrary files on the server. It checks for common plugins and attempts to retrieve specified files via crafted HTTP requests.

Description

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC
by pandujar · python · webapps · php
https://www.exploit-db.com/exploits/37054

This exploit leverages a directory traversal vulnerability in ElasticSearch plugins to read arbitrary files on the server. It checks for common plugins and attempts to retrieve specified files via crafted HTTP requests.

Classification
Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ElasticSearch versions prior to 1.5.2 and 1.4.5
No auth needed
Prerequisites: Network access to ElasticSearch HTTP port (default 9200) · Presence of a vulnerable plugin
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 9 stars
by jas502n · poc
https://github.com/jas502n/CVE-2015-3337

This PoC exploits a directory traversal vulnerability in ElasticSearch's 'head' plugin to read arbitrary files on the server. The script constructs a malicious URL path to bypass access controls and retrieve sensitive files like /etc/passwd.

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ElasticSearch with 'head' plugin (versions affected by CVE-2015-3337)
No auth needed
Prerequisites: Network access to ElasticSearch instance with vulnerable 'head' plugin installed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Elasticsearch - Local File Inclusion
MEDIUM · by pdteam
FOFA: index_not_found_exception

References (6)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74353
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535385
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37054/
Patch, Vendor Advisory x_refsource_confirm
https://www.elastic.co/community/security
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3241

Scores

EPSS 0.9177
EPSS Percentile 99.7%

Details

CWE: CWE-22
Status: published
Products (4)
elasticsearch/elasticsearch 1.5.0
elasticsearch/elasticsearch 1.5.1
elasticsearch/elasticsearch < 1.4.4
org.elasticsearch/elasticsearch 0 - 1.4.5 (Maven)
Published May 01, 2015
Tracked Since Feb 18, 2026