CVE-2015-3337

NUCLEI

Elasticsearch <1.4.5, <1.5.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC

by pandujar · pythonwebappsphp

https://www.exploit-db.com/exploits/37054

View Code ZIP pw:eip

nomisec WORKING POC 9 stars

by jas502n · poc

https://github.com/jas502n/CVE-2015-3337

View Code ZIP pw:eip

Nuclei Templates (1)

Elasticsearch - Local File Inclusion

MEDIUMby pdteam

FOFA: index_not_found_exception

References (6)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html

[Exploit] http://www.securityfocus.com/bid/74353

[Patch, Vendor Advisory] https://www.elastic.co/community/security

[Exploit] https://www.exploit-db.com/exploits/37054/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/535385

[Third Party Advisory] http://www.debian.org/security/2015/dsa-3241

Scores

EPSS 0.9109

EPSS Percentile 99.6%

Details

CWE

CWE-22

Status published

Products (4)

elasticsearch/elasticsearch 1.5.0

elasticsearch/elasticsearch 1.5.1

elasticsearch/elasticsearch < 1.4.4

org.elasticsearch/elasticsearch 0 - 1.4.5Maven

Published May 01, 2015

Tracked Since Feb 18, 2026