CVE-2019-7612 - A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs

CVE-2019-7612

Summary

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

References

Vulnerable Configurations

cpe:2.3:a:elastic:logstash:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:beta9:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0:beta9:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.1:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.1:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc4:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:rc4:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.0:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.1:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.1:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.1:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.1:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.2:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.2:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.2:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.2:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.2:snapshot2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.2:snapshot2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.3:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.3:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.3:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.3:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.3:snapshot2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.3:snapshot2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:snapshot2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:snapshot2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:snapshot3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:snapshot3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:snapshot5:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.0:snapshot5:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.1:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.1:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.1:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.1:snapshot1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:alpha6:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.5:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.6:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.7:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.8:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.9:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.9:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.10:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.11:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.12:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.13:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.14:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:5.6.14:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:elastic:logstash:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-10-2020 - 20:38)
Impact:
Exploitability:

CWE

CWE-532

CAPEC

Fuzzing and observing application log data/errors for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20190411-0002/
misc	https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077 https://www.elastic.co/community/security

Last major update

05-10-2020 - 20:38

Published

25-03-2019 - 19:29

Last modified

05-10-2020 - 20:38