Multiple vulnerabilities in Splunk

Description

Multiple serious vulnerabilities have been found in Splunk. Malicious users can exploit these vulnerabilities to inject arbitrary script or read local files. Below is a complete list of vulnerabilities

1. An XSS vulnerability can be exploited remotely via specially designed HTPP headers;
2. A directory traversal vulnerability can be exploited via a specially designed URI.

Original advisories

• Splunk changelog

Related products

• Splunk

CVE list

• CVE-2014-5198
  warning
• CVE-2014-5197
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com