Lucene search
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.LOGSTASH_ESA_2014_02.NASLHistoryDec 06, 2018 - 12:00 a.m.
Logstash ESA-2014-02
2018-12-0600:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
Logstash 1.4.1 and prior, when configured to use the Zabbix or Nagios outputs, allows an attacker with access to send crafted events to Logstash inputs to cause Logstash to execute OS commands.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(119461);
script_version("1.2");
script_cvs_date("Date: 2019/11/01");
script_cve_id("CVE-2014-4326");
script_name(english:"Logstash ESA-2014-02");
script_summary(english:"Checks the version of Logstash.");
script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a Java application that is vulnerable.");
script_set_attribute(attribute:"description", value:
"Logstash 1.4.1 and prior, when configured to use the Zabbix or Nagios
outputs, allows an attacker with access to send crafted events to
Logstash inputs to cause Logstash to execute OS commands.");
# https://www.elastic.co/community/security
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f00797e");
script_set_attribute(attribute:"solution", value:
"Upgrade to Logstash 1.4.2 or later, or disable the Zabbix and Nagios
outputs.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4326");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:elasticsearch:logstash");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("logstash_api_detect.nbin");
script_require_keys("installed_sw/Logstash");
script_require_ports("Services/www", 9600);
exit(0);
}
include("audit.inc");
include("http.inc");
include("vcf.inc");
app = "Logstash";
get_install_count(app_name:app, exit_if_zero:TRUE);
port = get_http_port(default:9600);
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
constraints = [
{ "fixed_version" : "1.4.2" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| elasticsearch | logstash | cpe:/a:elasticsearch:logstash |
Related
securityvulns
securityvulns
freebsd
freebsd
cve
cve
CVE-2014-4326
2014-07-22 14:55:00
openvas
openvas
Elastic Logstash 'CVE-2014-4326' RCE Vulnerability - Linux
2016-06-28 00:00:00
Elastic Logstash 'CVE-2014-4326' Remote Code Execution Vulnerability
2016-06-24 00:00:00
nessus
nessus
prion
prion
Design/Logic Flaw
2014-07-22 14:55:00
Related for LOGSTASH_ESA_2014_02.NASL