Splunk 4.2.4 addresses two vulnerabilities - October 19th, 2011
Table of Contents
Description
Splunk version 4.2.4 addresses two vulnerabilities:
At the time of this announcement, Splunk is not aware of any cases where this vulnerability has been exploited. Splunk recommends that customers upgrade any instances of Splunk running Splunk Web, such as index and search servers, to the latest maintenance release as soon as possible.
Splunk also recommends that you apply as many components of the Splunk Hardening Standards as possible to mitigate the risk and impact of exploitation.
Products and Components Affected
Security vulnerabilities addressed by this maintenance release affect the following versions of Splunk running Splunk Web:
- Splunk 4.0 through 4.2.3
Both vulnerabilities addressed by this maintenance release affects the Splunk Web component of the Splunk server software. Splunk Web refers to the web server used to deliver the Splunk user interface to the client browser.
Upgrades
Splunk recommends that all vulnerable instances of Splunk running the Splunk Web component be updated to the latest maintenance release.
| Splunk Version | Recommendation |
|---|---|
| 4.0 to 4.2.3 | Upgrade to the latest maintenance release |
Splunk releases are cumulative, meaning that releases posted subsequent to those we are posting today will contain these fixes to these vulnerabilities as well as new features and fixes to other bugs and flaws.
Credit
Splunk would like to credit Filip Palian with the responsible disclosure of both of the issues addressed in this advisory.
Vulnerability Descriptions and Ratings
The following are descriptions and ratings for vulnerabilities that are fixed in the newest maintenance releases. Descriptions and ratings for previous security fixes can be found in previous Product Security Announcements on our Product Security Portal.
SPL numbers are to be used in communication with Splunk to address specific vulnerabilities. If there is no CVE listed with the vulnerability, the CVE will be added as it is posted.
Reflected XSS in SplunkWeb (SPL-42471)
Description: A reflected cross-site scripting vulnerability was identified in Splunk Web. An attacker could trick a user into clicking a specially crafted link that would disclose a valid Splunk session key to the attacker.
Versions Affected: Splunk 4.0 - 4.2.3
Credit: Splunk would like to credit Filip Palian with the responsible disclosure of this issue.
CVSS Severity (version 2.0):
| CVSS Base Score | 5.5 |
| CVSS Impact Subscore | 4.9 |
| CVSS Exploitability Subscore | 8.0 |
CVSS Version 2 Metrics
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single instance
- Impact Type:
- Allows partial confidentiality and integrity violation
- Exploitability: Proof of concept code
- Remediation Level: Official fix
- Report Confidence: Confirmed
Mitigation and Remediation:
- Splunk recommends upgrading to the latest maintenance release supplied by Splunk.
Denial of Service in SplunkWeb (SPL-42474)
Description: A remote denial of service vulnerability was identified in Splunk Web. An attacker could exploit the lack of proper boundary checking to cause Splunk Web to exhaust system resources, eventually making Splunk inaccesible.
Versions Affected: Splunk 4.0 - 4.2.3
Credit: Splunk would like to credit Filip Palian with the responsible disclosure of this issue.
CVSS Severity (version 2.0):
| CVSS Base Score | 8.5 |
| CVSS Impact Subscore | 7.8 |
| CVSS Exploitability Subscore | 10.0 |
CVSS Version 2 Metrics
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Impact Type:
- Allows partial integrity and full availability violation
- Exploitability: Proof of concept code
- Remediation Level: Official fix
- Report Confidence: Confirmed
Mitigation and Remediation:
- Splunk recommends upgrading to the latest maintenance release supplied by Splunk.
