RSS   Vulnerabilities for 'Apm-agent-ruby'   RSS

2019-07-30
 
CVE-2019-7615

CWE-295
 

 
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

 

 >>> Vendor: Elastic 12 Products
X-pack
Kibana reporting
Elasticsearch
Azure repository
Apm-agent-ruby
Elastic cloud enterprise
Logstash
Elasticsearch x-pack
Kibana x-pack
Logstash x-pack
Winlogbeat
Apm agent


Copyright 2019, cxsecurity.com

 

Back to Top