CVE-2015-3337 Information

Description

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 when a site plugin is enabled allows remote attackers to read arbitrary files via unspecified vectors.

Reference

http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html http://www.debian.org/security/2015/dsa-3241 http://www.securityfocus.com/archive/1/535385 http://www.securityfocus.com/bid/74353 https://www.elastic.co/community/security https://www.exploit-db.com/exploits/37054/