[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Remote code execution vulnerability in Elasticsearch via unspecified vectors - CVE-2015-4165 (dpkg)

ID: oval:org.secpod.oval:def:26230Date: (C)2015-08-26   (M)2022-10-10
Class: VULNERABILITYFamily: unix




The host is installed with Elasticsearch 1.0.0 before 1.5.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which doesn't ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read. Successful exploitation could allow attackers to use Elasticsearch to modify files read and executed by certain other applications.

Platform:
Linux
Product:
elasticsearch
Reference:
CVE-2015-4165
CVE    1
CVE-2015-4165

© SecPod Technologies