CVE-2015-5619

5.9MEDIUM

Key Information:

Vendor: Elastic
Status: Logstash
Vendor: CVE Published:; 9 August 2017

Summary

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

References

http://www.securityfocus.com/bid/76455

vdb-entryx_refsource_BID

https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-rele...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/536294/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2017
Vulnerability Reserved
Jul 22, 2015

.