CVE-2014-4326
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0088 (0.9%)
Percentil: 75.5%
EPSS: 2026-05-06
Afecta
elastic:logstashDescripción técnica
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
Publicada: 22/7/2014, 14:55:09
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://www.elasticsearch.org/blog/logstash-1-4-2/
- http://www.securityfocus.com/archive/1/532841/100/0/threaded
- https://www.elastic.co/community/security/
- http://www.elasticsearch.org/blog/logstash-1-4-2/
- http://www.securityfocus.com/archive/1/532841/100/0/threaded
- https://www.elastic.co/community/security/