According to its version number, the instance of Splunk hosted on the remote web server is Enterprise 5.0.x prior to 5.0.15, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.10, 6.2.x prior to 6.2.9, 6.3.x prior to 6.3.3.4, Light 6.2.x prior to 6.2.9, or Light 6.3.x prior to 6.3.3.4.
It is, therefore, affected by the following vulnerabilities :

  - A type confusion error exists in the bundled version of     libxslt in the xsltStylePreCompute() function due to     improper handling of invalid values. A context-dependent     attacker can exploit this, via crafted XML files, to     cause a denial of service condition. (CVE-2015-7995)

  - A key disclosure vulnerability exists in the bundled     version of OpenSSL due to improper handling of     cache-bank conflicts on the Intel Sandy-bridge     microarchitecture. An attacker can exploit this to gain     access to RSA key information. (CVE-2016-0702)

  - A double-free error exists in the bundled version of     OpenSSL due to improper validation of user-supplied     input when parsing malformed DSA private keys. A remote     attacker can exploit this to corrupt memory, resulting     in a denial of service condition or the execution of     arbitrary code. (CVE-2016-0705)

  - A NULL pointer dereference flaw exists in the bundled     version of OpenSSL in the BN_hex2bn() and BN_dec2bn()     functions. A remote attacker can exploit this to trigger     a heap corruption, resulting in the execution of     arbitrary code. (CVE-2016-0797)

  - A denial of service vulnerability exists in the bundled     version of OpenSSL due to improper handling of invalid     usernames. A remote attacker can exploit this, via a     specially crafted username, to leak 300 bytes of memory     per connection, exhausting available memory resources.
    (CVE-2016-0798)

  - Multiple memory corruption issues exist in the bundled     version of OpenSSL that allow a remote attacker to cause     a denial of service condition or the execution of     arbitrary code. (CVE-2016-0799)

  - A flaw exists in the bundled version of OpenSSL that     allows a cross-protocol Bleichenbacher padding oracle     attack known as DROWN (Decrypting RSA with Obsolete and     Weakened eNcryption). This vulnerability exists due to a     flaw in the Secure Sockets Layer Version 2 (SSLv2)     implementation, and it allows captured TLS traffic to be     decrypted. A man-in-the-middle attacker can exploit this     to decrypt the TLS connection by utilizing previously     captured traffic and weak cryptography along with a     series of specially crafted connections to an SSLv2     server that uses the same private key. (CVE-2016-0800)

  - A flaw exists due to improper handling of specially     crafted HTTP requests that contain specific headers. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition.

  - A flaw exists due to improper handling of malformed HTTP     requests. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition.

  - A flaw exists that is triggered when directly accessing     objects. An authenticated, remote attacker can exploit     this to disclose search logs.

  - A flaw exists due to the failure to honor the     sslVersions keyword for TLS protocol versions,     preventing users from enforcing TLS policies.

  - A path traversal vulnerability exists in the 'collect'     command due to improper sanitization of user-supplied     input. An authenticated, remote attacker can exploit     this, via a specially crafted request, to execute     arbitrary code arbitrary code with the privileges of the     user running the splunkd process.

  - A path traversal vulnerability exists in the 'inputcsv'     and 'outputcsv' commands due to improper sanitization of     user-supplied input. An authenticated, remote attacker     can exploit this, via a specially crafted request, to     can access or overwrite file paths.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for nodejs to version 4.4.5 fixes the several issues.

These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h :

  - CVE-2016-2107: The AES-NI implementation in OpenSSL did     not consider memory allocation during a certain padding     check, which allowed remote attackers to obtain     sensitive cleartext information via a padding-oracle     attack against an AES CBC session (bsc#977616).

  - CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate     function in crypto/evp/encode.c in OpenSSL allowed     remote attackers to cause a denial of service (heap     memory corruption) via a large amount of binary data     (bsc#977614).

  - CVE-2016-0705: Double free vulnerability in the     dsa_priv_decode function in crypto/dsa/dsa_ameth.c in     OpenSSL allowed remote attackers to cause a denial of     service (memory corruption) or possibly have unspecified     other impact via a malformed DSA private key     (bsc#968047).

  - CVE-2016-0797: Multiple integer overflows in OpenSSL     allowed remote attackers to cause a denial of service     (heap memory corruption or NULL pointer dereference) or     possibly have unspecified other impact via a long digit     string that is mishandled by the (1) BN_dec2bn or (2)     BN_hex2bn function, related to crypto/bn/bn.h and     crypto/bn/bn_print.c (bsc#968048).

  - CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF     function in crypto/bn/bn_exp.c in OpenSSL did not     properly consider cache-bank access times during modular     exponentiation, which made it easier for local users to     discover RSA keys by running a crafted application on     the same Intel Sandy Bridge CPU core as a victim and     leveraging cache-bank conflicts, aka a 'CacheBleed'     attack (bsc#968050).

These non-security issues were fixed :

  - Fix faulty 'if' condition (string cannot equal a     boolean).

  - buffer: Buffer no longer errors if you call lastIndexOf     with a search term longer than the buffer.

  - contextify: Context objects are now properly garbage     collected, this solves a problem some individuals were     experiencing with extreme memory growth.

  - Update npm to 2.15.5.

- http: Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999.

  - deps: Fix --gdbjit for embedders. Backported from v8     upstream.

  - querystring: Restore throw when attempting to stringify     bad surrogate pair.

- https: Under certain conditions SSL sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case.

  - lib: The way that we were internally passing arguments     was causing a potential leak. By copying the arguments     into an array we can avoid this.

  - repl: Previously if you were using the repl in strict     mode the column number would be wrong in a stack trace.
    This is no longer an issue.

  - deps: An update to v8 that introduces a new flag
    --perf_basic_prof_only_functions.

- http: A new feature in http(s) agent that catches errors on keep alived connections.

  - src: Better support for big-endian systems.

  - tls: A new feature that allows you to pass common SSL     options to tls.createSecurePair.

  - build: Support python path that includes spaces.

- https: A potential fix for #3692   (HTTP/HTTPS client requests throwing EPROTO).

  - installer: More readable profiling information from     isolate tick logs.

  - process: Add support for symbols in event emitters     (symbols didn't exist when it was written).

  - querystring: querystring.parse() is now 13-22% faster!

  - streams: Performance improvements for moving small     buffers that shows a 5% throughput gain. IoT projects     have been seen to be as much as 10% faster with this     change!

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a 'CacheBleed' attack.
(CVE-2016-0702)

The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, including the following:

  - IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across     fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and     a risk of duplicate key material. (CVE-2018-1426)

  - The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6)     CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A     weak password may be recovered. Note: After update the customer should change password to ensure the new     password is stored more securely. Products should encourage customers to take this step as a high priority     action. (CVE-2018-1447)

  - There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before     1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA     and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks     against DH are considered just feasible (although very difficult) because most of the work necessary to     deduce information about a private key may be performed offline. The amount of resources required for such     an attack would be very significant and likely only accessible to a limited number of attackers. An     attacker would additionally need online access to an unpatched system using the target private key in a     scenario with persistent DH parameters and a private key that is shared between multiple clients. For     example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very     similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-120:02 advisory.

    The OpenSSL toolkit provides support for secure communications between     machines. OpenSSL includes a certificate management tool and shared     libraries which provide various cryptographic algorithms and     protocols.
    Security issues fixed with this release:
    CVE-2015-3197     ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f     does not prevent use of disabled ciphers, which makes it easier for     man-in-the-middle attackers to defeat cryptographic protection     mechanisms by performing computations on SSLv2 traffic, related to the     get_client_master_key and get_client_hello functions.
    CVE-2016-0702
    ** RESERVED **     This candidate has been reserved by an organization or individual that     will use it when announcing a new security problem.  When the     candidate has been publicized, the details for this candidate will be     provided.
    CVE-2016-0705
    ** RESERVED **     This candidate has been reserved by an organization or individual that     will use it when announcing a new security problem.  When the     candidate has been publicized, the details for this candidate will be     provided.
    CVE-2016-0797
    ** RESERVED **     This candidate has been reserved by an organization or individual that     will use it when announcing a new security problem.  When the     candidate has been publicized, the details for this candidate will be     provided.
    CVE-2016-0800
    ** RESERVED **     This candidate has been reserved by an organization or individual that     will use it when announcing a new security problem.  When the     candidate has been publicized, the details for this candidate will be     provided.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
90705	Splunk Enterprise < 5.0.15 / 6.0.11 / 6.1.10 / 6.2.9 / 6.3.3.4 or Splunk Light < 6.2.9 / 6.3.3.4 Multiple Vulnerabilities (DROWN)	Nessus	CGI abuses	4/25/2016	11/20/2019	critical
91618	openSUSE Security Update : nodejs (openSUSE-2016-715)	Nessus	SuSE Local Security Checks	6/15/2016	1/19/2021	critical
93203	F5 Networks BIG-IP : OpenSSL vulnerability (K79215841)	Nessus	F5 Networks Local Security Checks	8/30/2016	1/27/2026	medium
144773	IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569301)	Nessus	Web Servers	1/6/2021	4/11/2022	critical
289938	MiracleLinux 7 : openssl-1.0.1e-51.el7.4 (AXSA:2016-120:02)	Nessus	Miracle Linux Local Security Checks	1/16/2026	1/16/2026	critical

Detections

Analytics

Plugins Search

critical

critical

medium

critical

critical