Elasticsearch 8.8.2, 7.17.11 Security Update

Elasticsearch Denial of Service DoS issue ESA-2023-10 This issue only affects users that have at least one OpenID Connect authentication realm or at least one JWT authentication realm configured. A denial of service vulnerability was discovered in Elasticsearch that could lead to the service...

Exposure of Sensitive Information in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...

Core Elastic Stack Security Features Now Available For Free Users As Well

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /jsecuritycheck with malformed URL encoding of passwords, related to improper error checking in the 1...