Logstash ESA-2015-04

medium Nessus Plugin ID 119460

Synopsis

The remote web server hosts a Java application that is vulnerable.

Description

All Logstash versions prior to 1.4.3 that use the file output plugin are vulnerable to a directory traversal attack that allows an attacker to write files as the Logstash user.

Solution

Users should upgrade to 1.4.3 or 1.5.0. Users that do not want to upgrade can address the vulnerability by disabling the file output plugin.

See Also

http://www.nessus.org/u?3f00797e

Plugin Details

Severity: Medium

ID: 119460

File Name: logstash_esa_2015_04.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 12/6/2018

Updated: 11/1/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2015-4152

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:elasticsearch:logstash

Required KB Items: installed_sw/Logstash

Exploit Ease: No known exploits are available

Patch Publication Date: 6/9/2015

Vulnerability Publication Date: 6/9/2015

Reference Information

CVE: CVE-2015-4152