PT-2019-18672 · Elastic · Logstash

Dennis Detering

Publicado

2019-10-30

Atualizado

2020-10-09

CVE-2019-7620

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Logstash versions prior to 7.4.1 Logstash versions prior to 6.8.4

Description The issue is a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who can connect to the port the Logstash beats input is using could send a specially crafted network packet, causing Logstash to stop responding.

Recommendations For versions prior to 7.4.1, update to version 7.4.1 or later. For versions prior to 6.8.4, update to version 6.8.4 or later.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2019-7620

Produtos afetados

Logstash

PT-2019-18672 · Elastic · Logstash

CVE-2019-7620

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5