ADVISORIES

• CVE-2015-5378 (NVD)
• GHSA-g6rc-3fpq-w2gr
• Vendor Advisory

GEM

logstash-core

SEVERITY

CVSS v3.x: 7.5 (High)

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

• ~> 1.4.4
• >= 1.5.3

DESCRIPTION

Logstash: SSL/TLS FREAK Attack: Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2015-5378
• https://packetstormsecurity.com/files/132800/Logstash-1.5.2-SSL-TLS-FREAK.html
• https://sca.analysiscenter.veracode.com/vulnerability-database/security/factoring-attack-rsa-export-keys-freak/ruby/sid-1745/summary
• https://github.com/rubysec/ruby-advisory-db/issues/238
• https://www.elastic.co/community/security
• https://github.com/advisories/GHSA-g6rc-3fpq-w2gr
• https://web.archive.org/web/20181211080524/http://www.securityfocus.com/bid/76015