Splunk 4.x < 4.1.3 404 Response XSS

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

A web application on the remote host has a cross-site scripting

Description :

The version of Splunk Web hosted on the remote web server fails to
sanitize the contents of the HTTP 'Referer' header before using it in
HTTP error 404 messages, and hence is affected by a cross-site scripting

An unauthenticated, remote attacker may be able to leverage this issue
to inject arbitrary HTML or script code into a user's browser to be
executed within the security context of the affected site.

Note that exploitation is only confirmed as valid in Internet Explorer
as Firefox escapes the special characters '<' and '>' when rendering the

See also :


Solution :

Upgrade to Splunk 4.1.3.
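The following is an added illustration, not code from the Nessus plugin or from Splunk. It models the flaw in the Description (a 404 body that echoes the HTTP Referer header without HTML encoding) next to the encoded form a fix would produce, adds a defender-side check for whether untrusted input survives unescaped in a response body, and gates on the affected range given above (Splunk 4.x before 4.1.3). The handler functions, the sample Referer value and the version strings are all constructed for the example; nothing here is Splunk's own code.

```python
"""Added example (not from the Nessus plugin or Splunk): reflected-Referer
pattern behind this advisory, vulnerable vs. hardened, plus a version gate."""
import html
import re
from typing import Optional, Tuple

# Constructed sample: a Referer value carrying HTML metacharacters. Browsers
# send the referring URL as-is, so the server must treat it as untrusted input.
SAMPLE_REFERER = 'http://example.test/<b>page</b>?q="x"'

# Characters whose presence in untrusted input matters for an HTML context.
HTML_METACHARS = '<>"\'&'


def render_404_vulnerable(referer: str) -> str:
    """Models the flawed behaviour described in the advisory: the raw Referer
    value is interpolated into the HTML error body, so any markup it carries is
    handed to the browser intact (hypothetical handler, for illustration)."""
    return ("<html><body><h1>404 Not Found</h1>"
            f"<p>Referred from: {referer}</p></body></html>")


def render_404_hardened(referer: str) -> str:
    """Corrected form: HTML-encode the header before it reaches the page.
    quote=True also encodes ' and ", which matters if the value is ever placed
    inside an attribute rather than element text."""
    safe = html.escape(referer, quote=True)
    return ("<html><body><h1>404 Not Found</h1>"
            f"<p>Referred from: {safe}</p></body></html>")


def reflects_unescaped_markup(body: str, untrusted: str) -> bool:
    """Defender-side check for a response body: True when an untrusted value
    that contains HTML metacharacters appears in the body verbatim, i.e. no
    output encoding was applied to it. Input without metacharacters cannot
    demonstrate the defect, so it yields False."""
    if not any(c in untrusted for c in HTML_METACHARS):
        return False
    return untrusted in body


# Version gate for the affected range stated on this page: 4.x prior to 4.1.3.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor[.patch]' from the start of a version string; a
    missing patch component is treated as 0. Returns None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True only for Splunk 4.x releases older than the fixed 4.1.3; other
    major versions and unparseable strings are reported as not affected."""
    v = parse_version(version)
    if v is None:
        return False
    return v[0] == 4 and v < (4, 1, 3)


if __name__ == "__main__":
    for label, body in (("vulnerable", render_404_vulnerable(SAMPLE_REFERER)),
                        ("hardened", render_404_hardened(SAMPLE_REFERER))):
        flagged = reflects_unescaped_markup(body, SAMPLE_REFERER)
        print(f"{label:10s} reflects unescaped Referer: {flagged}")
    for ver in ("4.0.11", "4.1.2", "4.1.3", "4.1.4", "3.4.13"):
        print(f"Splunk {ver}: {'affected' if is_affected(ver) else 'not affected'}")
```

The check deliberately refuses to conclude anything from input that has no metacharacters: a Referer such as a plain URL would appear verbatim in both the vulnerable and the hardened body, so only input with `<`, `>`, quotes or `&` can distinguish the two. The version gate treats a two-component string like `4.1` as `4.1.0`, which is inside the affected range; a scanner that fell back to "not affected" on a short version string would under-report.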

Risk factor :

Medium / CVSS Base Score : 4.3

Family: CGI abuses : XSS

Nessus Plugin ID: 47620

Bugtraq ID:

CVE ID: CVE-2010-2429