Hi guys,
We used Filebeat to send application logs to Elasticsearch. These two components are deployed in different environments with a Palo Alto firewall in between.
We found that after transmitting for a period of time, a "connection reset by peer" error appears in the Filebeat log. After investigation, we found that the Palo Alto had identified this traffic as a threat and detected "apache struts2 ognl remote code execution vulnerability" in it.
I am not sure whether Elasticsearch uses the Apache Struts2 framework, and I checked the security advisories and did not find any security issues of this kind, so how did this happen?
Thanks.