Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3

Published: 2012-03-07
Last Updated: 2012-03-07 23:44:56 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

A vulnerability has be found in Splunk 4.0 - 4.3 that allows partial confidentiality and integrity violation, when a user click on a specifically crafted link that can disclose sensitive information to the attacker. Splunk recommend consumers upgrade to version 4.3.1 and to follow its hardening standard [3] to mitigate the risk of exploitation.

[1] http://www.splunk.com/view/SP-CAAAGTK
[2] http://www.splunk.com/download
[3] http://docs.splunk.com/Documentation/Splunk/latest/Admin/Hardeningstandards

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Splunk XSS
0 comment(s)
Diary Archives