Denial of Service : Elastic Kibana 'CVE-2017-11499' DoS Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.108365

Category: Denial of Service

Title: Elastic Kibana 'CVE-2017-11499' DoS Vulnerability - Linux

Summary: Elastic Kibana is shipping a version of Node.js which is prone; to a denial of service (DoS) vulnerability.

Description: Summary:
Elastic Kibana is shipping a version of Node.js which is prone
to a denial of service (DoS) vulnerability.

Vulnerability Impact:
This flaw could allow a remote attacker to consume resources
within Node.js preventing Kibana from servicing requests.

Affected Software/OS:
Elastic Kibana versions prior to 4.6.5 and 5.x prior to 5.5.1.

Solution:
Administrators running Kibana in an environment with untrusted
users should update to version 5.5.1 or 4.6.5. There is no workaround for this issue, the flaw can
be triggered by an unauthenticated anonymous user.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-11499
BugTraq ID: 99959
http://www.securityfocus.com/bid/99959
RedHat Security Advisories: RHSA-2017:2908
https://access.redhat.com/errata/RHSA-2017:2908
RedHat Security Advisories: RHSA-2017:3002
https://access.redhat.com/errata/RHSA-2017:3002

Copyright Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.108365
Category:	Denial of Service
Title:	Elastic Kibana 'CVE-2017-11499' DoS Vulnerability - Linux
Summary:	Elastic Kibana is shipping a version of Node.js which is prone; to a denial of service (DoS) vulnerability.
Description:	Summary: Elastic Kibana is shipping a version of Node.js which is prone to a denial of service (DoS) vulnerability. Vulnerability Impact: This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests. Affected Software/OS: Elastic Kibana versions prior to 4.6.5 and 5.x prior to 5.5.1. Solution: Administrators running Kibana in an environment with untrusted users should update to version 5.5.1 or 4.6.5. There is no workaround for this issue, the flaw can be triggered by an unauthenticated anonymous user. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11499 BugTraq ID: 99959 http://www.securityfocus.com/bid/99959 RedHat Security Advisories: RHSA-2017:2908 https://access.redhat.com/errata/RHSA-2017:2908 RedHat Security Advisories: RHSA-2017:3002 https://access.redhat.com/errata/RHSA-2017:3002
Copyright	Copyright (C) 2018 Greenbone AG