Medium severity5.9NVD Advisory· Published Aug 9, 2017· Updated Jun 17, 2026
CVE-2015-5619
CVE-2015-5619
Description
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11>=1.4.0,<1.4.5 || >=1.5.0,<1.5.4+ 10 more
- (no CPE)range: >=1.4.0,<1.4.5 || >=1.5.0,<1.5.4
- cpe:2.3:a:elastic:logstash:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:logstash:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:1.5.3:*:*:*:*:*:*:*
- (no CPE)range: <1.4.5, <1.5.4
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.htmlnvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/76455nvdThird Party AdvisoryVDB Entry
- www.elastic.co/blog/logstash-1-5-4-and-1-4-5-releasednvdVendor Advisory
- www.securityfocus.com/archive/1/536294/100/0/threadednvd
- www.securityfocus.com/archive/1/536858/100/0/threadednvd
News mentions
0No linked articles in our index yet.