CVE-2015-5531

Related Files

ElasticSearch Snapshot API Directory Traversal

Posted Oct 14, 2015

Authored by Pedro Andujar, Roberto S. Soares, Jose A. Guasch, Benjamin Smith | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.

tags | exploit, arbitrary

advisories | CVE-2015-5531

SHA-256 | 9e9a04cf21f31c1319caa6af694dd744146d5b671a3f719be244d3e2a6ee6426

Download | Favorite | View

ElasticSearch Path Traversal Arbitrary File Download

Posted Oct 1, 2015

Authored by Pedro Andujar

Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.

tags | exploit, arbitrary, proof of concept

systems | linux

advisories | CVE-2015-5531

SHA-256 | acc7fbc1802f44f38d620e53cd9d14a6ea2c9e4d060e96de4e1424e40872e719

Download | Favorite | View

Elasticsearch Directory Traversal

Posted Jul 17, 2015

Authored by Kevin Kluge

Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.

tags | advisory, file inclusion

advisories | CVE-2015-5531

SHA-256 | b31e33f0be2db96a5fdb079e65aaf1b8bd17143da9e03e617b58e897d6aa2937

Download | Favorite | View