Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-10363

Summary
Assigner-elastic
Assigner Org ID-271b6943-45a9-4f3a-ab4e-976f3fa05b5a
Published At-16 Jun, 2017 | 21:00
Updated At-06 Aug, 2024 | 03:21
Rejected At-
Credits

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:elastic
Assigner Org ID:271b6943-45a9-4f3a-ab4e-976f3fa05b5a
Published At:16 Jun, 2017 | 21:00
Updated At:06 Aug, 2024 | 03:21
Rejected At:
▼CVE Numbering Authority (CNA)

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

Affected Products
Vendor
Elasticsearch BVElastic
Product
Logstash
Versions
Affected
  • before 2.3.3
Problem Types
TypeCWE IDDescription
CWECWE-248CWE-248: Uncaught Exception
Type: CWE
CWE ID: CWE-248
Description: CWE-248: Uncaught Exception
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.elastic.co/community/security
x_refsource_CONFIRM
Hyperlink: https://www.elastic.co/community/security
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.elastic.co/community/security
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.elastic.co/community/security
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:bressers@elastic.co
Published At:16 Jun, 2017 | 21:29
Updated At:20 Apr, 2025 | 01:37

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Elasticsearch BV
elastic
>>logstash>>Versions up to 2.3.2(inclusive)
cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-248Secondarybressers@elastic.co
CWE-404Primarynvd@nist.gov
CWE ID: CWE-248
Type: Secondary
Source: bressers@elastic.co
CWE ID: CWE-404
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.elastic.co/community/securitybressers@elastic.co
Vendor Advisory
https://www.elastic.co/community/securityaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.elastic.co/community/security
Source: bressers@elastic.co
Resource:
Vendor Advisory
Hyperlink: https://www.elastic.co/community/security
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

106Records found
CVE-2021-4432
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.67%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 14:31
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PCMan FTP Server USER Command denial of service

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250719.

Action-Not Available
Vendor-pcman_ftp_server_projectPCMan
Product-pcman_ftp_serverFTP Server
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-4791
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.20% / 41.94%
||
7 Day CHG~0.00%
Published-12 May, 2024 | 01:00
Updated-08 Aug, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contemporary Control System BASrouter BACnet BASRT-B Application Protocol Data Unit denial of service

A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Contemporary Control System
Product-BASrouter BACnet BASRT-B
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2021-27458
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.36%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 21:07
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.

Action-Not Available
Vendor-jtektn/a
Product-2port-efr_thu-6404_firmwareplus_cpu_tcc-6740pc10p_tcc-6372_firmwarepc10b_tcc-1021plus_efr_tcu-6743_firmwareplus_bus-ex_tcu-6900fl\/et-t-v2h_thu-6289_firmwarepc10ge_tcc-6464_firmwareplus_ex2_tcu-6858pc10p_tcc-6372plus_efr2_tcu-6859_firmwarepc10b-p_tcc-6373plus_efr_tcu-6743plus_bus-ex_tcu-6900_firmwarepc10b_tcc-1021_firmwareplus_ex_tcu-6741_firmwarepc10p-dp_tcc-6726_firmwarepc10g-cpu_tcc-6353plus_cpu_tcc-6740_firmwarepc10p-dp_tcc-6726plus_efr2_tcu-6859pc10p-dp-io_tcc-6752_firmwarepc10b-e\/c_tcu-6521_firmwareplus_2p-efr_tcu-6929_firmwarepc10e_tcc-4737_firmwareplus_ex_tcu-6741plus_ex2_tcu-6858_firmwarepc10e_tcc-4737pc10b-e\/c_tcu-6521pc10p-dp-io_tcc-6752pc10g-cpu_tcc-6353_firmwareplus_2p-efr_tcu-6929pc10ge_tcc-6464pc10b-p_tcc-6373_firmwarefl\/et-t-v2h_thu-62892port-efr_thu-6404JTEKT Corporation TOYOPUC products
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2021-21003
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.18%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 18:25
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service Vulnerability in Phoenix Contact FL SWITCH SMCS series products

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-fl_switch_smcs_16txfl_switch_smn_8tx-pnfl_switch_smn_6tx\/2fx_sm_firmwarefl_nat_smn_8tx-mfl_switch_smcs_4tx-pn_firmwarefl_switch_smn_6tx\/2fx_firmwarefl_switch_smcs_6tx\/2sfp_firmwarefl_switch_smcs_8gt_firmwarefl_switch_smcs_8tx-pnfl_switch_smcs_6gt\/2sfpfl_switch_smcs_8tx-pn_firmwarefl_switch_smn_8tx-pn_firmwarefl_nat_smn_8tx-m_firmwarefl_switch_smcs_14tx\/2fx_firmwarefl_switch_smcs_14tx\/2fxfl_switch_smcs_8tx_firmwarefl_switch_smn_6tx\/2pof-pnfl_switch_smcs_4tx-pnfl_switch_smn_6tx\/2pof-pn_firmwarefl_switch_smn_6tx\/2fxfl_nat_smn_8tx_firmwarefl_nat_smn_8txfl_switch_smcs_8txfl_switch_smcs_8gtfl_switch_smcs_14tx\/2fx-sm_firmwarefl_switch_smcs_14tx\/2fx-smfl_switch_smcs_6tx\/2sfpfl_switch_smcs_16tx_firmwarefl_switch_smcs_6gt\/2sfp_firmwarefl_switch_smn_6tx\/2fx_smFL NATFL SWITCH
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2020-5129
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.49%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 03:35
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma1000sma1000_firmwareSMA1000
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2019-6163
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.17%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 14:12
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s200pb_seriesv100j200pj105thinkstationj100k_seriesj200c200e_seriesj115c100j110s200thinkpadthinkcentres205n200v200n100v_seriessystem_updatej205System Update
CWE ID-CWE-404
Improper Resource Shutdown or Release
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found