Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS weakness known as the FREAK attack, in which a network attacker downgrades the handshake to export-grade (512-bit) RSA key exchange and then factors that key. If you are using the Lumberjack input, FREAK allows a man-in-the-middle attacker to intercept and read communication between the Logstash Forwarder agent and the Logstash server.
Note: Only deployments using the Logstash Forwarder or the Lumberjack input are affected by this vulnerability.
Fixed versions:
Versions 1.5.3 and 1.4.4 have been patched with a fix that addresses this vulnerability.
Remediation:
Users that currently use Logstash Forwarder together with the Lumberjack input in Logstash, or may want to use it in the future, should upgrade to 1.5.3 or 1.4.4.
Users that do not want to upgrade can address the vulnerability by disabling the Lumberjack input, i.e. removing the lumberjack { ... } block from the input section of the pipeline configuration. Please note that Logstash Forwarder cannot ship events to Logstash once the Lumberjack input is disabled.
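As an added check that is not part of this advisory or of Logstash itself, the following Python script tells you whether a Lumberjack listener still accepts export-grade RSA cipher suites, which is the server-side precondition for FREAK. It sends a TLS 1.0 ClientHello that offers only RSA_EXPORT suites and classifies the first record the server sends back: a ServerHello selecting one of those suites means the listener is exploitable, a handshake_failure alert means it is not. The host and port are assumptions; 5043 is only a placeholder, use the `port` your lumberjack input is configured with.

```python
"""Probe a TLS listener for RSA_EXPORT cipher-suite acceptance (the FREAK precondition)."""
import os
import socket
import struct
import sys

# Export-grade RSA key-exchange suites from the TLS cipher-suite registry (RFC 2246).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

TLS10 = b"\x03\x01"
RECORD_HANDSHAKE = 22
RECORD_ALERT = 21
HS_SERVER_HELLO = 2


def build_client_hello(suites, version=TLS10):
    """Build a minimal TLS 1.0 ClientHello record offering exactly `suites`."""
    body = version
    body += os.urandom(32)                 # client random
    body += b"\x00"                        # empty session id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                    # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + version + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Return (verdict, detail) for the first TLS record a server sent back.

    verdict is "vulnerable" (server chose an RSA_EXPORT suite), "rejected"
    (server sent an alert, normally handshake_failure) or "unknown".
    """
    if len(data) < 5:
        return ("unknown", "short or empty response (not TLS?)")
    ctype = data[0]
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if ctype == RECORD_ALERT and len(rec) >= 2:
        return ("rejected", f"alert level={rec[0]} description={rec[1]}")
    if ctype == RECORD_HANDSHAKE and len(rec) >= 41 and rec[0] == HS_SERVER_HELLO:
        # ServerHello body: version(2) random(32) sid_len(1) sid cipher_suite(2)
        sid_len = rec[38]
        suite = struct.unpack("!H", rec[39 + sid_len:41 + sid_len])[0]
        if suite in RSA_EXPORT_SUITES:
            return ("vulnerable", RSA_EXPORT_SUITES[suite])
        return ("unknown", f"server chose non-export suite 0x{suite:04x}")
    return ("unknown", f"unexpected record type {ctype}")


def probe(host, port, timeout=5.0):
    """Connect to host:port, offer only RSA_EXPORT suites and classify the reply."""
    hello = build_client_hello(list(RSA_EXPORT_SUITES))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello)
        data = sock.recv(4096)
    return classify_response(data)


if __name__ == "__main__":
    # Assumed usage: python freak_probe.py logstash.example.internal 5043
    target_host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 5043   # placeholder port
    print(probe(target_host, target_port))
```

Run it against the listener before and after the upgrade: a patched 1.5.3 or 1.4.4 server should answer the export-only ClientHello with a handshake_failure alert ("rejected"), while an unpatched one returns a ServerHello naming an RSA_EXPORT suite ("vulnerable"). An "unknown" verdict usually means the port is not speaking TLS at all, for example a plain TCP input.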
Credit:
The Accenture Security Team discovered this issue. Paul Kloves from Accenture coordinated the disclosure with us.