Remote code execution vulnerability in Elasticsearch via unspecified vectors - CVE-2015-4165 (dpkg)ID: oval:org.secpod.oval:def:26230 | Date: (C)2015-08-26 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch 1.0.0 before 1.5.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which doesn't ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read. Successful exploitation could allow attackers to use Elasticsearch to modify files read and executed by certain other applications.