SSL/TLS Certificate Validation Vulnerability in Logstash

SSL/TLS Certificate Validation Vulnerability in Logstash

CVE-2015-5619 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

Learn more about our Cis Benchmark Audit For Server Software.