GCVE - cpe:2.3:a:elasticsearch:elasticsearch:1.5.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:elasticsearch:elasticsearch:1.5.2:*:*:*:*:*:*:*

part: a version: 1.5.2 update: *

Vendor	Elasticsearch (`453210ca-2d0c-5f06-95bd-23f75cccb6c2`)
Product	Elasticsearch (`6bcea840-227d-5ed6-8f02-a3416ff4dbe9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/elastic/elasticsearch`	purl2cpe	2026-06-01 10:16:25.599679
`pkg:maven/org.elasticsearch/elasticsearch`	purl2cpe	2026-06-01 10:16:25.599681
`pkg:sourceforge/elasticsearch.mirror`	purl2cpe	2026-06-01 10:16:25.599683

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-4165`	vulnerable	2026-06-08 05:06:39.300889	Details available The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. Published: 2017-08-09T16:00:00.000Z Updated: 2024-08-06T06:04:02.911Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/132234/Elasticsearch-1.5.2-File-Creation.html http://www.securityfocus.com/archive/1/535727/100/0/threaded http://www.securityfocus.com/bid/75113 https://bugzilla.redhat.com/show_bug.cgi?id=1230761 http://www.securityfocus.com/archive/1/536855/100/0/threaded	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.