fkie_cve-2014-4326
Vulnerability from fkie_nvd
Published
2014-07-22 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elastic | logstash | 1.0.14 | |
| elastic | logstash | 1.0.15 | |
| elastic | logstash | 1.0.16 | |
| elastic | logstash | 1.0.17 | |
| elastic | logstash | 1.1.0 | |
| elastic | logstash | 1.1.0.1 | |
| elastic | logstash | 1.1.1 | |
| elastic | logstash | 1.1.2 | |
| elastic | logstash | 1.1.3 | |
| elastic | logstash | 1.1.4 | |
| elastic | logstash | 1.1.5 | |
| elastic | logstash | 1.1.6 | |
| elastic | logstash | 1.1.7 | |
| elastic | logstash | 1.1.8 | |
| elastic | logstash | 1.1.9 | |
| elastic | logstash | 1.1.10 | |
| elastic | logstash | 1.1.11 | |
| elastic | logstash | 1.1.12 | |
| elastic | logstash | 1.1.13 | |
| elastic | logstash | 1.2.1 | |
| elastic | logstash | 1.2.2 | |
| elastic | logstash | 1.3.0 | |
| elastic | logstash | 1.3.1 | |
| elastic | logstash | 1.3.2 | |
| elastic | logstash | 1.3.3 | |
| elastic | logstash | 1.4.0 | |
| elastic | logstash | 1.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elastic:logstash:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C7A3E-37E2-4901-BB29-2D43C56B9D38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "63BCE347-638C-4374-9BE4-BB4571E1F280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B660651F-A164-4452-A5A9-6C2877326200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "1914E7D5-1A0B-4037-A891-140F796A413F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C43285FF-C8B2-4840-81AE-97FADD29E685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B67C3E50-BB45-441C-8211-59A9F4EB30FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C509C138-4BFE-48FD-8C38-01677169EAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64B6CF56-F9F3-4F99-B1D5-19C983BFBD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E451EF3A-8252-4059-AEBD-729809062C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55F7ADDD-CC56-4238-A06E-FE1F69EBAC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46956776-CE67-4145-BB97-3B8C592AC946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95155F96-6513-4F43-B0CF-52FFDCE0357B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8B63F3-833C-46E5-A914-607A3A766AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9CAB34-C258-4057-B042-5DE75935E619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA006C7-CFF5-490F-8BAE-1DACA4765A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFABA59-F78A-400A-8274-C65344598570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E50991FB-E4A2-4EED-8A82-8E07B96EFF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "27B82689-08A5-4579-9F59-D385066CC270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FEA597-A743-4E01-82A7-2402806A38DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "418F6121-CD4C-43D7-AC75-A947C73EE3F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE78CB39-A80D-4BFD-A47F-BB5291859C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3158A64-2248-4A53-B08F-A755131A1A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C3E417-6DB6-481B-98D0-0104BAE87AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE19710F-8A1D-4FCD-AFE4-499836AB27A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "50969A07-A1BE-4D37-8412-F39E41A5E7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA8F37B-D30D-4B40-A9DA-31143962FB79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AC81D01-95EB-4570-B32A-377B439F7200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/."
},
{
"lang": "es",
"value": "Elasticsearch Logstash 1.0.14 hasta 1.4.x anterior a 1.4.2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de un evento manipulado en (1) zabbix.rb o (2) nagios_nsca.rb en outputs/."
}
],
"id": "CVE-2014-4326",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-22T14:55:09.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.elasticsearch.org/blog/logstash-1-4-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532841/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.elasticsearch.org/blog/logstash-1-4-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532841/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elastic.co/community/security/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…