漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Logstash Improper Certificate Validation in TCP output
Vulnerability Description
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Elastic Logstash 安全漏洞
Vulnerability Description
Elastic Logstash是荷兰Elastic公司的一套日志分析和监控工具。 Elastic Logstash 9.0.1之前版本存在安全漏洞,该漏洞源于证书验证不当,可能导致中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A