cve/2015/CVE-2015-3337.md

### [CVE-2015-3337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3337)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

### POC

#### Reference
- http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html
- https://www.elastic.co/community/security
- https://www.exploit-db.com/exploits/37054/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Awrrays/FrameVul
- https://github.com/CLincat/vulcat
- https://github.com/CrackerCat/myhktools
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/myhktools
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/ZTK-009/RedTeamer
- https://github.com/amcai/myscan
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/cyberharsh/elasticsearch
- https://github.com/do0dl3/myhktools
- https://github.com/enomothem/PenTestNote
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/hktalent/myhktools
- https://github.com/huimzjty/vulwiki
- https://github.com/iqrok/myhktools
- https://github.com/jas502n/CVE-2015-3337
- https://github.com/password520/RedTeamer
- https://github.com/superfish9/pt
- https://github.com/t0m4too/t0m4to
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/zhibx/fscan-Intranet