CVE-2017-8444
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-8444
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
Elastic Cloud Enterprise 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Elastic Cloud Enterprise是荷兰Elasticsearch公司的一套用于管理、监控和配置Elasticsearch、Kibana和X-Pack的软件包。client-forwarder是其中的一个客户端转换器。 Elastic Cloud Enterprise 1.0.2之前的版本中的client-forwarder存在安全漏洞,该漏洞源于程序没有正确的加密传递到ZooKeeper的流量。攻击者可利用该漏洞获取敏感数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Elastic | Elastic Cloud Enterprise | 1.0.0 and 1.0.1 | - |
II. Public POCs for CVE-2017-8444
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-8444
请登录查看更多情报信息。
Same Patch Batch · Elastic · 2017-09-28 · 3 CVEs total
| CVE-2017-8447 | Elasticsearch X-Pack Security 安全漏洞 | |
| CVE-2017-8448 | Elastic X-Pack Alerting 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: Elastic
- CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic - CVE-2026-33466
Improper Limitation of a Pathname to a Restricted Directory - CVE-2026-33458
Server-Side Request Forgery (SSRF) in Kibana One Workflow Le - CVE-2026-33459
Uncontrolled Resource Consumption in Kibana Leading to Denia - CVE-2026-33460
Incorrect Authorization in Kibana Fleet Leading to Informati
Same weakness: CWE-319
- CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl ma - CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may - CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport - CVE-2026-7610
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmissi - CVE-2026-42514
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
V. Comments for CVE-2017-8444
No comments yet