VYPR
Medium severity5.9NVD Advisory· Published Aug 9, 2017· Updated Jun 17, 2026

CVE-2015-5619

CVE-2015-5619

Description

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Elastic/Logstashinferred11 versions
    >=1.4.0,<1.4.5 || >=1.5.0,<1.5.4+ 10 more
    • (no CPE)range: >=1.4.0,<1.4.5 || >=1.5.0,<1.5.4
    • cpe:2.3:a:elastic:logstash:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:elastic:logstash:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:elastic:logstash:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:logstash:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:logstash:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:logstash:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:logstash:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:logstash:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:elasticsearch:logstash:1.5.3:*:*:*:*:*:*:*
    • (no CPE)range: <1.4.5, <1.5.4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.