Moderate severityNVD Advisory· Published May 1, 2015· Updated Jun 17, 2026
CVE-2015-3337
CVE-2015-3337
Description
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.elasticsearch:elasticsearchMaven | < 1.4.5 | 1.4.5 |
org.elasticsearch:elasticsearchMaven | >= 1.5.0, < 1.5.2 | 1.5.2 |
Affected products
4cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*range: <=1.4.4
- cpe:2.3:a:elasticsearch:elasticsearch:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:elasticsearch:1.5.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- www.elastic.co/community/securitynvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/74353nvdExploit
- www.exploit-db.com/exploits/37054/nvdExploit
- github.com/advisories/GHSA-x8q8-4hp5-463wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-3337ghsaADVISORY
- packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.htmlnvdWEB
- www.debian.org/security/2015/dsa-3241nvdWEB
- www.exploit-db.com/exploits/37054ghsaWEB
- www.securityfocus.com/archive/1/535385nvd
News mentions
0No linked articles in our index yet.