CVE-2015-4165
Published 2017-08-09
CVE-2015-4165: The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is…
Priority: P3 · 49 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.45% (90.2th percentile)
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | >= 0 < 1.7.3+dfsg-3 | 1.7.3+dfsg-3 |
| elasticsearch | elasticsearch | — | — |
CVSS provenance
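| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |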
Red Hat
elasticsearch: unspecified arbitrary files modification vulnerability
vendor_redhat·2015-06-09·CVSS 7.5
CVE-2015-4165 [HIGH] elasticsearch: unspecified arbitrary files modification vulnerability
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
Statement: This issue affects the versions of elasticsearch as shipped with Red Hat Satellite 6.x and Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to t
OSV
Improper Access Control in Elasticsearch
osv·2022-05-14
CVE-2015-4165 [HIGH] Improper Access Control in Elasticsearch
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
GHSA
Improper Access Control in Elasticsearch
ghsa·2022-05-14
CVE-2015-4165 [HIGH] CWE-284 Improper Access Control in Elasticsearch
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
OSV
CVE-2015-4165: The snapshot API in Elasticsearch before 1
osv·2017-08-09·CVSS 7.5
CVE-2015-4165 [HIGH] CVE-2015-4165: The snapshot API in Elasticsearch before 1
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability [fedora-all]
bugzilla·2015-06-11·CVSS 7.5
CVE-2015-4165 [HIGH] CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability
bugzilla·2015-06-11·CVSS 7.5
CVE-2015-4165 [HIGH] CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability
All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.
Upstream bug/commit unknown at the time of writing.
Mitigation:
Users should upgrade to 1.6.0. Alternately, ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read.
External References:
https://www.elastic.co/community/security/
Discussion:
Created elasticsearch tracking bugs for this issue:
Affects: fedora-all [bug 1230765]
---
Additional information:
https://discuss.elastic.co/t/elasticsearch-engineered-attack-vulnerability-cve-2015-4165/2256
Summ
http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html
http://www.securityfocus.com/archive/1/535727/100/0/threaded
http://www.securityfocus.com/archive/1/536855/100/0/threaded
http://www.securityfocus.com/bid/75113
https://bugzilla.redhat.com/show_bug.cgi?id=1230761
https://www.elastic.co/community/security/
Published: 2017-08-09