Logstash Security Vulnerabilities and Issues — Logstash CVE List

Lucene search

ElasticLogstash

4 matches found

CVE•added 2017/06/27 8:29 p.m.•45 views

CVE-2015-5378

Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

7.5CVSS7.3AI score0.01188EPSS

CVE•added 2017/06/16 9:29 p.m.•45 views

CVE-2016-1000221

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

7.5CVSS7.4AI score0.00749EPSS

CVE•added 2017/06/16 9:29 p.m.•42 views

CVE-2016-1000222

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.

7.5CVSS7.4AI score0.0035EPSS

CVE•added 2017/06/16 9:29 p.m.•41 views

CVE-2016-10363

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can ...

7.5CVSS7.5AI score0.00598EPSS