Vulnerability Details CVE-2015-5378
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html
- http://www.securityfocus.com/archive/1/536050/100/0/threaded
- http://www.securityfocus.com/archive/1/536859/100/0/threaded
- http://www.securityfocus.com/bid/76015
- https://www.elastic.co/community/security
- http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html
- http://www.securityfocus.com/archive/1/536050/100/0/threaded
- http://www.securityfocus.com/archive/1/536859/100/0/threaded
- http://www.securityfocus.com/bid/76015
- https://www.elastic.co/community/security
Products affected by CVE-2015-5378
-
cpe:2.3:a:elastic:logstash:1.4.0
-
cpe:2.3:a:elastic:logstash:1.4.1
-
cpe:2.3:a:elastic:logstash:1.4.2
-
cpe:2.3:a:elasticsearch:logstash:1.4.3
-
cpe:2.3:a:elasticsearch:logstash:1.5.0
-
cpe:2.3:a:elasticsearch:logstash:1.5.1
-
cpe:2.3:a:elasticsearch:logstash:1.5.2