ElasticSearch Snapshot API Directory Traversal Vulnerability (CVE-2015-5531)

• Email
• Facebook
• 
  Twitter
• Google+
• Linkedin

  Severity: CRITICAL

---

  DESCRIPTION

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000128