Candidate: CVE-2015-3337
PublicDate: 2015-05-01 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3337
 https://www.elastic.co/blog/elasticsearch-1-5-2-and-1-4-5-released
Description:
 Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x
 before 1.5.2, when a site plugin is enabled, allows remote attackers to
 read arbitrary files via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: John Heasman
Assigned-to:
CVSS: 

Patches_elasticsearch:
upstream_elasticsearch: released (1.0.3+dfsg-5+deb8u1)
lucid_elasticsearch: DNE
precise_elasticsearch: DNE
trusty_elasticsearch: DNE
trusty/esm_elasticsearch: DNE
utopic_elasticsearch: DNE
vivid_elasticsearch: released (1.0.3+dfsg-5+deb8u1build0.15.04.1)
devel_elasticsearch: not-affected (1.0.3+dfsg-7)