Logstash ESA-2014-02

Severity: High, Nessus Plugin ID 119461

Synopsis

The remote web server hosts a Java application that is affected by an OS command execution vulnerability.

Description

Logstash 1.4.1 and prior, when configured to use the Zabbix or Nagios outputs, allows an attacker who can send crafted events to Logstash inputs to cause Logstash to execute OS commands.

Solution

Upgrade to Logstash 1.4.2 or later, or disable the Zabbix and Nagios outputs.

See Also

http://www.nessus.org/u?3f00797e

Plugin Details

Severity: High

ID: 119461

File Name: logstash_esa_2014_02.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 12/6/2018

Updated: 11/1/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-4326

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:elasticsearch:logstash

Required KB Items: installed_sw/Logstash

Exploit Ease: No known exploits are available

Patch Publication Date: 6/24/2014

Vulnerability Publication Date: 6/24/2014

Reference Information

CVE: CVE-2014-4326