Elasticsearch Packetbeat CVE-2017-11480 Denial of Service Vulnerability

Bugtraq ID:	106500
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2017-11480
Remote:	Yes
Local:	No
Published:	Jul 01 2017 12:00AM
Updated:	Jul 01 2017 12:00AM
Credit:	Teppei Fukuda
Vulnerable:	Elasticsearch Packetbeat 5.6.3 Elasticsearch Packetbeat 5.6 Elasticsearch Packetbeat 5.5 Elasticsearch Packetbeat 5.4 Elasticsearch Packetbeat 5.3 Elasticsearch Packetbeat 5.2
Not Vulnerable:	Elasticsearch Packetbeat 5.6.4

Elasticsearch Packetbeat CVE-2017-11480 Denial of Service Vulnerability

Elasticsearch Packetbeat is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions; denying service to legitimate users.

Versions prior to Packetbeat 5.6.4 are vulnerable.

Elasticsearch Packetbeat CVE-2017-11480 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Elasticsearch Packetbeat CVE-2017-11480 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.