Splunk 4.2.4 addresses two vulnerabilities - October 19th, 2011

Table of Contents

• Description
• Products and Components Affected
• Upgrades
• Credit
• Vulnerability Descriptions and Ratings
• Reflected XSS in SplunkWeb (SPL-42471)
• Denial of Service in SplunkWeb (SPL-42474)

Description

Splunk version 4.2.4 addresses two vulnerabilities:

  • Reflected XSS in SplunkWeb (SPL-42471)
  • Denial of Service in SplunkWeb (SPL-42474)

At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been exploited. Splunk recommends that customers upgrade any instances of Splunk running Splunk Web, such as index and search servers, to the latest maintenance release as soon as possible.

Splunk also recommends that you apply as many components of the Splunk Hardening Standards as possible to mitigate the risk and impact of exploitation.

Products and Components Affected

Security vulnerabilities addressed by this maintenance release affect the following versions of Splunk running Splunk Web:

  • Splunk 4.0 through 4.2.3

Both vulnerabilities addressed by this maintenance release affect the Splunk Web component of the Splunk server software. Splunk Web refers to the web server used to deliver the Splunk user interface to the client browser.

Upgrades

Splunk recommends that all vulnerable instances of Splunk running the Splunk Web component be updated to the latest maintenance release.

Splunk Version   | Recommendation
4.0 to 4.2.3     | Upgrade to the latest maintenance release

Splunk releases are cumulative, meaning that releases posted subsequent to the one announced today will contain the fixes for these vulnerabilities as well as new features and fixes for other bugs and flaws.

Credit

Splunk would like to credit Filip Palian with the responsible disclosure of both of the issues addressed in this advisory.

Vulnerability Descriptions and Ratings

The following are descriptions and ratings for vulnerabilities that are fixed in the newest maintenance releases. Descriptions and ratings for previous security fixes can be found in previous Product Security Announcements on our Product Security Portal.

SPL numbers are to be used in communication with Splunk to address specific vulnerabilities. If there is no CVE listed with the vulnerability, the CVE will be added as it is posted.

Reflected XSS in SplunkWeb (SPL-42471)

Description: A reflected cross-site scripting vulnerability was identified in Splunk Web. An attacker could trick a user into clicking a specially crafted link that would disclose a valid Splunk session key to the attacker.

Versions Affected: Splunk 4.0 - 4.2.3

Credit: Splunk would like to credit Filip Palian with the responsible disclosure of this issue.

CVSS Severity (version 2.0):

CVSS Base Score: 5.5
CVSS Impact Subscore: 4.9
CVSS Exploitability Subscore: 8.0

CVSS Version 2 Metrics

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single instance
  • Impact Type:
    • Allows partial confidentiality and integrity violation
  • Exploitability: Proof of concept code
  • Remediation Level: Official fix
  • Report Confidence: Confirmed

Mitigation and Remediation:

  • Splunk recommends upgrading to the latest maintenance release supplied by Splunk.

Denial of Service in SplunkWeb (SPL-42474)

Description: A remote denial of service vulnerability was identified in Splunk Web. An attacker could exploit the lack of proper boundary checking to cause Splunk Web to exhaust system resources, eventually making Splunk inaccessible.

Versions Affected: Splunk 4.0 - 4.2.3

Credit: Splunk would like to credit Filip Palian with the responsible disclosure of this issue.

CVSS Severity (version 2.0):

CVSS Base Score: 8.5
CVSS Impact Subscore: 7.8
CVSS Exploitability Subscore: 10.0

CVSS Version 2 Metrics

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Impact Type:
    • Allows partial integrity and full availability violation
  • Exploitability: Proof of concept code
  • Remediation Level: Official fix
  • Report Confidence: Confirmed

Mitigation and Remediation:

  • Splunk recommends upgrading to the latest maintenance release supplied by Splunk.

Document History

  • 2011-October-19: Rev 1. Initial Release

Questions?

Submit your question to Splunk Support.
