CVE-2015-5378

Опубликовано: 27 июн. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

Ссылки

http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/536050/100/0/threaded
http://www.securityfocus.com/archive/1/536859/100/0/threaded
http://www.securityfocus.com/bid/76015
Third Party Advisory
VDB Entry
https://www.elastic.co/community/security
Vendor Advisory
http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/536050/100/0/threaded
http://www.securityfocus.com/archive/1/536859/100/0/threaded
http://www.securityfocus.com/bid/76015
Third Party Advisory
VDB Entry
https://www.elastic.co/community/security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:elastic:logstash:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:elastic:logstash:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:elasticsearch:logstash:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:elasticsearch:logstash:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:elasticsearch:logstash:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:elasticsearch:logstash:1.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00673

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-5378

CVSS3: 7.5

debian

больше 8 лет назад

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attac ...

GHSA-g6rc-3fpq-w2gr

CVSS3: 7.5

github

больше 3 лет назад

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

EPSS

Процентиль: 71%

0.00673

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200