Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/536050/100/0/threaded | |
http://www.securityfocus.com/archive/1/536859/100/0/threaded | |
http://www.securityfocus.com/bid/76015 | Third Party Advisory VDB Entry |
https://www.elastic.co/community/security | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-06-27 20:29
Updated : 2024-02-04 19:29
NVD link : CVE-2015-5378
Mitre link : CVE-2015-5378
CVE.ORG link : CVE-2015-5378
JSON object : View
Products Affected
elastic
- logstash
elasticsearch
- logstash
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor