Lucene search
K

439 matches found

CNVD
CNVD
added 2015/06/17 12:0 a.m.7 views

Elasticsearch Logstash File Output Plugin Directory Traversal Vulnerability

Elasticsearch Logstash is a set of log analysis and monitoring tools. The tool provides features such as search, processing and management of logs or events. A directory traversal vulnerability in the file output plugin for Elasticsearch Logstash allows remote attackers to write arbitrary files t...

6.4CVSS7.1AI score0.0303EPSS
Exploits1References1
NVD
NVD
added 2015/06/15 3:59 p.m.24 views

CVE-2015-4152

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...

6.4CVSS6.6AI score0.0303EPSS
Exploits1References4
Prion
Prion
added 2015/06/15 3:59 p.m.15 views

Directory traversal

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...

6.4CVSS7.2AI score0.0303EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2015/06/15 3:0 p.m.61 views

CVE-2015-4152

CVE-2015-4152 describes a directory traversal vulnerability in the Elasticsearch Logstash file output plugin prior to 1.4.3. The issue arises from dynamic field references in the path option, enabling remote attackers to write to arbitrary files with the privileges of the Logstash user. Public so...

6.4CVSS6.7AI score0.0303EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2015/06/15 3:0 p.m.31 views

CVE-2015-4152

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...

6.5AI score0.0303EPSS
Exploits1References4
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.65 views

Logstash vulnerability CVE-2015-4152

Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin...

6.4CVSS2.8AI score0.0303EPSS
Exploits1
0day.today
0day.today
added 2015/06/10 12:0 a.m.48 views

Logstash 1.4.2 Directory Traversal Vulnerability

Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash. Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the...

6.4CVSS6.4AI score0.0303EPSS
Exploits1
Elastic
Elastic
added 2015/06/09 9:42 p.m.9 views

Logstash File Output Vulnerability CVE-2015-4152

Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin...

6.4CVSS6.9AI score0.0303EPSS
Exploits1
FreeBSD
FreeBSD
added 2015/06/09 12:0 a.m.29 views

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...

1.5AI score
Exploits0References2
FreeBSD
FreeBSD
added 2015/06/09 12:0 a.m.32 views

logstash -- Directory traversal vulnerability in the file output plugin

Elastic reports: An attacker could use the File output plugin with dynamic field references in the path option to traverse paths outside of Logstash directory. This technique could also be used to overwrite any files which can be accessed with permissions associated with Logstash user. This relea...

6.4CVSS6.3AI score0.0303EPSS
Exploits1References2
securityvulns
securityvulns
added 2014/10/16 12:0 a.m.67 views

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

Vendor: Elasticsearch Product: Logstash CVE: CVE-2014-4326 Affected versions: Logstash 1.0.14 through 1.4.1 Recommendations: All affected users should upgrade to Logstash 1.4.2. We also provide patch instructions for Logstash 1.3.x at the bottom of this note. The vulnerability impacts deployments...

7.5CVSS0.3AI score0.03297EPSS
Exploits0
n0where
n0where
added 2014/08/05 9:17 p.m.38 views

Distributed Packet Monitoring System: Packetbeat

Packetbeat is a distributed packet monitoring system that can be used for application performance management. Think of it like a distributed real-time Wireshark with a lot more analytics features. Agents sniff the traffic between your application processes, parse on the fly protocols like HTTP,...

0.7AI score
Exploits0References1
NVD
NVD
added 2014/07/22 2:55 p.m.28 views

CVE-2014-4326

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

7.5CVSS7.4AI score0.03297EPSS
Exploits0References3
Prion
Prion
added 2014/07/22 2:55 p.m.17 views

Design/Logic Flaw

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

7.5CVSS7.9AI score0.03297EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/07/22 2:0 p.m.31 views

CVE-2014-4326

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

7.3AI score0.03297EPSS
Exploits0References3
CVE
CVE
added 2014/07/22 2:0 p.m.60 views

CVE-2014-4326

CVE-2014-4326 affects Elastic/Logstash prior to 1.4.2 when configured with the Zabbix or Nagios outputs. A crafted event sent to the outputs/ handlers (zabbix.rb or nagios_nsca.rb) allows remote code execution, enabling an attacker to run arbitrary OS commands. Affected versions are Logstash 1.0....

7.5CVSS7.5AI score0.03297EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2014/06/24 12:0 a.m.34 views

logstash -- Remote command execution in Logstash zabbix and nagios_nsca outputs

Elastic reports: The vulnerability impacts deployments that use the either the zabbix or the nagiosnsca outputs. In these cases, an attacker with an ability to send crafted events to any source of data for Logstash could execute operating system commands with the permissions of the Logstash...

7.5CVSS6.7AI score0.03297EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/05/22 12:0 a.m.589 views

Elastic Elasticsearch Detection (HTTP)

HTTP based detection of Elastic Elasticsearch. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7AI score
Exploits0
FreeBSD
FreeBSD
added 2014/05/22 12:0 a.m.43 views

elasticsearch and logstash -- remote OS command execution via dynamic scripting

Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...

8.1CVSS7.4AI score0.88559EPSS
Exploits17References7
Rows per page
Query Builder