RSS   Vulnerabilities for 'Apm agent'   RSS

2019-08-22
 
CVE-2019-7617

CWE-20
 

 
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

 

 >>> Vendor: Elastic 12 Products
X-pack
Kibana reporting
Elasticsearch
Azure repository
Apm-agent-ruby
Elastic cloud enterprise
Logstash
Elasticsearch x-pack
Kibana x-pack
Logstash x-pack
Winlogbeat
Apm agent


Copyright 2019, cxsecurity.com

 

Back to Top