Last Updated: 2012-03-07 23:44:56 UTC
by Guy Bruneau (Version: 1)
A vulnerability has be found in Splunk 4.0 - 4.3 that allows partial confidentiality and integrity violation, when a user click on a specifically crafted link that can disclose sensitive information to the attacker. Splunk recommend consumers upgrade to version 4.3.1 and to follow its hardening standard  to mitigate the risk of exploitation.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Last Updated: 2012-03-07 07:46:18 UTC
by Johannes Ullrich (Version: 1)
Recently, I noticed a remarkable decrease in remote file inclusion attacks against my web servers. Usually, I easily detected 100+ attacks per day using a simple regular expression match. These days, I see maybe a dozen (and they are usually only 2-3 distinct "attacks" meaning different exploits or different attackers.
The number of vulnerabilities exploited also decreased a lot, with many of the older vulnerabilities being no longer probed.
Have all vulnerable systems been exploited or cleaned up? These attacks where never very effective, and a lot of exploits used would not have been successful even against vulnerable systems. In addition, the attacks where usually launched blindly without recognizance, leading to a lot of hits to non existent pages.
For the few attacks still out there, the pattern doesn't have changed much. I checked out a couple of the payloads and they are either simple indicators or PHP IRC bots.