Splunk Enterprise < 5.0.16 / 6.0.12 / 6.1.11 / 6.2.10 / 6.3.6 / 6.4.3 or Splunk Light < 6.4.3 Cross-Site Redirection

medium Nessus Plugin ID 93110

Synopsis

An application running on the remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.16, 6.0.x prior to 6.0.12, 6.1.x prior to 6.1.11, 6.2.x prior to 6.2.10, 6.3.x prior to 6.3.6, or 6.4.x prior to 6.4.3; or else it is Splunk Light version 6.4.x prior to 6.4.3. It is, therefore, affected by a cross-site redirection vulnerability due to improper validation of unspecified input before returning it to the user. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted URL, to redirect the user to an arbitrary website of the attacker's choosing.
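The version check this plugin performs can be expressed as a branch-by-branch comparison against the fixed releases listed above. The following is an added example written for this page, not Tenable's NASL plugin code; the product labels "enterprise" and "light" are assumed names for Splunk Enterprise and Splunk Light.

```python
"""Flag self-reported Splunk versions that fall in the affected ranges
listed in this plugin (added example; not the plugin's own NASL code)."""
import re
from typing import Optional, Tuple

# Fixed version per release branch, exactly as stated in the description.
FIXED_ENTERPRISE = {
    (5, 0): (5, 0, 16),
    (6, 0): (6, 0, 12),
    (6, 1): (6, 1, 11),
    (6, 2): (6, 2, 10),
    (6, 3): (6, 3, 6),
    (6, 4): (6, 4, 3),
}
# Splunk Light is only listed as affected on the 6.4.x branch.
FIXED_LIGHT = {(6, 4): (6, 4, 3)}


def parse_version(s: str) -> Tuple[int, int, int]:
    """Turn '6.4.2' (or '6.4', or '6.4.2-build') into (6, 4, 2).

    A missing patch component is treated as 0 so that tuple comparison
    works; anything that is not major.minor[.patch] raises ValueError.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Return the fix version if `version` is affected, else None.

    product is "enterprise" or "light" (assumed labels). Only the
    branches the plugin lists are checked; a version on another branch
    (for example 6.5.0) is reported as not affected by this plugin.
    """
    table = FIXED_ENTERPRISE if product == "enterprise" else FIXED_LIGHT
    v = parse_version(version)
    fixed = table.get(v[:2])
    if fixed is None or v >= fixed:
        return None
    return ".".join(str(n) for n in fixed)


if __name__ == "__main__":
    # constructed sample inputs, not scan output
    for prod, ver in [("enterprise", "6.4.2"), ("enterprise", "6.4.3"),
                      ("light", "6.4.1"), ("enterprise", "6.5.0")]:
        print(prod, ver, "->", fixed_version_for(prod, ver) or "not affected")
```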

Solution

Upgrade Splunk Enterprise to version 5.0.16 / 6.0.12 / 6.1.11 / 6.2.10 / 6.3.6 / 6.4.3 or later, or Splunk Light to version 6.4.3 or later.

See Also

https://www.splunk.com/view/SP-CAAAPQ6

Plugin Details

Severity: Medium

ID: 93110

File Name: splunk_643.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 8/25/2016

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:splunk:splunk

Required KB Items: installed_sw/Splunk

Patch Publication Date: 8/22/2016

Vulnerability Publication Date: 8/22/2016

Reference Information

BID: 92603