Test Kennung:	1.3.6.1.4.1.25623.1.0.107279
Kategorie:	General
Titel:	Elastic Logstash 'CVE-2015-5378' Man in the Middle Security Bypass Vulnerability (Linux)
Zusammenfassung:	Elastic Logstash is prone to a security-bypass vulnerability.;; This script has been merged into the VT 'Elastic Logstash 'CVE-2015-5378' Man in the Middle Security Bypass Vulnerability'; (OID: 1.3.6.1.4.1.25623.1.0.107278)
Beschreibung:	Summary: Elastic Logstash is prone to a security-bypass vulnerability. This script has been merged into the VT 'Elastic Logstash 'CVE-2015-5378' Man in the Middle Security Bypass Vulnerability' (OID: 1.3.6.1.4.1.25623.1.0.107278) Vulnerability Insight: The flaw is due to the usage of Lumberjack input (in combination with Logstash Forwarder agent) Vulnerability Impact: Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Affected Software/OS: Elastic Logstash version prior to 1.5.3 or 1.4.4 on Linux. Solution: Users should update to 1.5.3 or 1.4.4. Users that do not want to upgrade can address the vulnerability by disabling the Lumberjack input. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	BugTraq ID: 76015 Common Vulnerability Exposure (CVE) ID: CVE-2015-5378 http://www.securityfocus.com/bid/76015 Bugtraq: 20150721 Logstash vulnerability CVE-2015-5378 (Google Search) http://www.securityfocus.com/archive/1/536050/100/0/threaded Bugtraq: 20151106 CVE-2015-5378 (Google Search) http://www.securityfocus.com/archive/1/536859/100/0/threaded http://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.