[java-sig-commits] [Bug 1230761] New: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability

11 Jun 2015


      https://bugzilla.redhat.com/show_bug.cgi?id=1230761
Bug ID: 1230761
           Summary: CVE-2015-4165 elasticsearch: unspecified arbitrary
                    files modification vulnerability
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: high
          Priority: high
          Assignee: security-response-team@redhat.com
          Reporter: vkaigoro@redhat.com
                CC: bkabrda@redhat.com, bkearney@redhat.com,
                    bobjensen@gmail.com, cbillett@redhat.com,
                    cpelland@redhat.com, cperry@redhat.com,
                    java-sig-commits@lists.fedoraproject.org,
                    jvanek@redhat.com, katello-bugs@redhat.com,
                    kseifried@redhat.com, mmccune@redhat.com,
                    ohadlevy@redhat.com, pbrobinson@gmail.com,
                    tjay@redhat.com, tomckay@redhat.com, zbyszek@in.waw.pl
All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that
uses Elasticsearch to modify files read and executed by certain other
applications.
Upstream bug/commit unknown at the time of writing.
Mitigation:
===========
Users should upgrade to 1.6.0. Alternately, ensure that other applications are
not present on the system, or that Elasticsearch cannot write into areas where
these applications would read.
External References:
https://www.elastic.co/community/security/
-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=H4BjU1KRX1&a=cc_unsubscribe

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 1230761] New: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability