Download
| Alert*
oval:org.secpod.oval:def:24268
The host is installed with Elasticsearch 1.4.x before 1.4.5 or 1.5.x before 1.5.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to read arbitrary files. oval:org.secpod.oval:def:602068 John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal. oval:org.secpod.oval:def:24270 The host is installed with Elasticsearch 1.4.x before 1.4.5 or 1.5.x before 1.5.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to read arbitrary files. |