
SANS ISC: Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3 - Internet Security | DShield SANS ISC InfoSec Forums


Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3

A vulnerability has been found in Splunk 4.0 - 4.3 that allows partial confidentiality and integrity violation: when a user clicks on a specially crafted link, sensitive information can be disclosed to the attacker. Splunk recommends that consumers upgrade to version 4.3.1 and follow its hardening standard [3] to mitigate the risk of exploitation.

[1] http://www.splunk.com/view/SP-CAAAGTK
[2] http://www.splunk.com/download
[3] http://docs.splunk.com/Documentation/Splunk/latest/Admin/Hardeningstandards

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
