Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
References
Link | Resource |
---|---|
https://discuss.elastic.co/t/beats-5-6-4-security-update/106739 | Vendor Advisory |
Configurations
Information
Published : 2017-12-08 10:29
Updated : 2019-10-09 16:22
NVD link : CVE-2017-11480
Mitre link : CVE-2017-11480
JSON object : View
CWE
Products Affected
elasticsearch
- packetbeat