ID de Prueba:	1.3.6.1.4.1.25623.1.0.808502
Categoría:	Web application abuses
Título:	Elasticsearch < 1.6.1 Multiple Vulnerabilities - Linux
Resumen:	Elasticsearch is prone to multiple vulnerabilities.
Descripción:	Summary: Elasticsearch is prone to multiple vulnerabilities. Vulnerability Insight: The Flaw is due to: - an error in the snapshot API calls (CVE-2015-5531) - an attack that can result in remote code execution (CVE-2015-5377). Vulnerability Impact: Successful exploitation will allow remote attackers to execute code or read arbitrary files. Affected Software/OS: Elasticsearch version 1.0.0 through 1.6.0 on Linux. Solution: Update to Elasticsearch version 1.6.1, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5531 BugTraq ID: 75935 http://www.securityfocus.com/bid/75935 Bugtraq: 20150716 Elasticsearch CVE-2015-5531 (Google Search) http://www.securityfocus.com/archive/1/536017/100/0/threaded https://www.exploit-db.com/exploits/38383/ http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html http://packetstormsecurity.com/files/133964/ElasticSearch-Snapshot-API-Directory-Traversal.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5377 BugTraq ID: 75938 http://www.securityfocus.com/bid/75938 http://www.zerodayinitiative.com/advisories/ZDI-15-365/ https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.