Splunk < 5.0.4 X-FRAME-OPTIONS Clickjacking Vulnerability
Severity: Medium
Nessus Plugin ID: 69284
Synopsis: The remote web server contains an application that is affected by a clickjacking vulnerability.
Description: According to its version number, the Splunk Web hosted on the remote web server is affected by a clickjacking vulnerability due to a failure to use the X-FRAME-OPTIONS header. This allows an attacker to embed elements such as links or buttons into frames on an externally hosted, attacker-controlled site, resulting in unsuspecting users performing unintended actions.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution: Upgrade to Splunk 5.0.4 or later.
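Because the plugin relies only on the self-reported version, inspecting the response headers directly confirms whether framing is actually restricted after the upgrade. The following is an added example, not part of the Nessus plugin or of Splunk; it also accepts the CSP `frame-ancestors` directive, which goes beyond the X-FRAME-OPTIONS header this page names, and the function names and sample responses are constructed for illustration.

```python
# Added example: classify anti-framing headers in a raw HTTP response.
# All sample responses below are constructed, not captured from Splunk Web.

def parse_headers(raw):
    """Return (lowercased name, value) pairs from the head of a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:              # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing_verdict(raw):
    """Return 'protected', 'weak' or 'missing' for the response's framing policy."""
    headers = parse_headers(raw)
    # Header names are case-insensitive; a repeated header equals a comma-joined one.
    xfo = [v.strip().upper() for n, val in headers if n == "x-frame-options"
           for v in val.split(",") if v.strip()]
    csp = [d.strip().lower() for n, val in headers if n == "content-security-policy"
           for d in val.split(";")]
    ancestors = [d.split()[1:] for d in csp if d.split()[:1] == ["frame-ancestors"]]
    if ancestors:
        # Browsers that support frame-ancestors enforce it instead of X-Frame-Options.
        # Simplification: only the first frame-ancestors directive found is evaluated.
        sources = ancestors[0]
        if "*" in sources or any(s in ("http:", "https:") for s in sources):
            return "weak"                          # any origin may frame the page
        return "protected"
    if not xfo:
        return "missing"                           # the condition this plugin describes
    # ALLOW-FROM is obsolete and ignored by current browsers; conflicting values
    # are a misconfiguration worth flagging.
    if len(set(xfo)) == 1 and xfo[0] in ("DENY", "SAMEORIGIN"):
        return "protected"
    return "weak"

HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "no_header": HEAD + "\r\n<html></html>",
    "sameorigin": HEAD + "x-frame-options: sameorigin\r\n\r\n",
    "allow_from": HEAD + "X-Frame-Options: ALLOW-FROM https://example.com\r\n\r\n",
    "csp_none": HEAD + "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n",
    "csp_wildcard": HEAD + "X-Frame-Options: DENY\r\nContent-Security-Policy: frame-ancestors *\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(label, framing_verdict(response))
```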