Splunk Enterprise 6.4.x < 6.4.7 Multiple Vulnerabilities

medium Nessus Plugin ID 99707

Synopsis

An application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Splunk Enterprise running on the remote web server is 6.4.x prior to 6.4.7. Nessus has not tested for the individual issues but has relied only on the application's self-reported version number.
It is, therefore, affected by multiple vulnerabilities:

- Multiple cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input.
An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session.

- An error message spoofing vulnerability exists that allows an unauthenticated, remote attacker to spoof the contents of error messages by convincing a user to visit a specially crafted website.

Solution

Upgrade to Splunk Enterprise version 6.4.7 or later.
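The version test this plugin describes (6.4.x branch, earlier than 6.4.7), written out as an added Python example. This is not Tenable's plugin code and not Splunk's. It assumes, as a labelled assumption, that the self-reported version is read from splunkd's /services/server/info REST endpoint, which returns Atom XML carrying an <s:key name="version"> element; the XML document in the block is a constructed sample, not a captured response, and the endpoint is not mentioned on this page.

```python
"""Added example (not Tenable's plugin code, not Splunk's code): reproduce the
version test this plugin describes, i.e. flag Splunk Enterprise 6.4.x when
the self-reported version is earlier than 6.4.7.

Assumption (not from the plugin page): the version string is taken from
splunkd's /services/server/info endpoint, which returns Atom XML with an
<s:key name="version"> element. SAMPLE_SERVER_INFO below is a constructed
sample document, not a captured response.
"""
import re
import xml.etree.ElementTree as ET

# From the Solution: "Upgrade to Splunk Enterprise version 6.4.7 or later."
FIXED_VERSION = (6, 4, 7)
# The plugin only covers the 6.4.x branch; other branches are out of scope here.
AFFECTED_BRANCH = (6, 4)

SPLUNK_REST_NS = "http://dev.splunk.com/ns/rest"


def parse_version(text):
    """Turn a self-reported version such as '6.4.6' or '6.4.6.1' into a tuple
    of ints. Trailing build metadata like '6.4.6 (build 1234)' is ignored.
    Raises ValueError when no dotted numeric version is present."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version):
    """True when the version is in the 6.4 branch and earlier than 6.4.7.
    Comparison is tuple-wise, so 6.4.6.9 is affected while 6.4.7.1 is fixed."""
    v = parse_version(version)
    return v[:2] == AFFECTED_BRANCH and v < FIXED_VERSION


# Constructed sample of a server/info style Atom response (assumption: the
# real endpoint uses this s:dict / s:key layout; only 'version' is read).
SAMPLE_SERVER_INFO = """<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <entry>
    <content type="text/xml">
      <s:dict>
        <s:key name="product_type">enterprise</s:key>
        <s:key name="version">6.4.6</s:key>
      </s:dict>
    </content>
  </entry>
</feed>"""


def version_from_server_info(xml_text):
    """Extract the 'version' key from a server/info style Atom document."""
    root = ET.fromstring(xml_text)
    for key in root.iter("{%s}key" % SPLUNK_REST_NS):
        if key.get("name") == "version" and key.text:
            return key.text.strip()
    raise ValueError("version key not found in server/info document")


if __name__ == "__main__":
    reported = version_from_server_info(SAMPLE_SERVER_INFO)
    print("self-reported version:", reported)
    print("affected by this plugin's range:", is_affected(reported))
    for v in ("6.3.9", "6.4.0", "6.4.6.9", "6.4.7", "6.4.7.1", "6.5.1"):
        print("%-8s -> %s" % (v, "AFFECTED" if is_affected(v) else "not in range"))
```

The branch test (`v[:2] == AFFECTED_BRANCH`) is what keeps 6.3.x and 6.5.x out of this plugin's result, matching the title's "6.4.x < 6.4.7"; those branches are covered by their own advisories and checks, not by this one. Because the test is purely version-based, a host whose vendor has backported the fix without changing the reported version would still be flagged, which is the caveat behind "self-reported version number" in the Description.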

See Also

https://www.splunk.com/view/SP-CAAAP2K

https://www.splunk.com/view/SP-CAAAP2U

Plugin Details

Severity: Medium

ID: 99707

File Name: splunk_647.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 4/27/2017

Updated: 1/2/2019

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk

Patch Publication Date: 4/24/2017

Vulnerability Publication Date: 4/19/2017

Reference Information

BID: 98989