Lucene search

[email protected]CVE-2011-4643

HistoryJan 03, 2012 - 11:55 a.m.

CVE-2011-4643

2012-01-0311:55:03

CWE-22

[email protected]

web.nvd.nist.gov

cve

2011

4643

splunk

directory traversal

vulnerability

authenticated users

arbitrary files

uri

splunk web

http server

spl-45243

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a … (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.

Affected configurations

NVD

Node

splunksplunkMatch4.0

splunksplunkMatch4.0.1

splunksplunkMatch4.0.2

splunksplunkMatch4.0.3

splunksplunkMatch4.0.4

splunksplunkMatch4.0.5

splunksplunkMatch4.0.6

splunksplunkMatch4.0.7

splunksplunkMatch4.0.8

splunksplunkMatch4.0.9

splunksplunkMatch4.0.10

splunksplunkMatch4.0.11

splunksplunkMatch4.1

splunksplunkMatch4.1.1

splunksplunkMatch4.1.2

splunksplunkMatch4.1.3

splunksplunkMatch4.1.4

splunksplunkMatch4.1.5

splunksplunkMatch4.1.6

splunksplunkMatch4.1.7

splunksplunkMatch4.1.8

splunksplunkMatch4.2

splunksplunkMatch4.2.1

splunksplunkMatch4.2.2

splunksplunkMatch4.2.3

splunksplunkMatch4.2.4

CPENameOperatorVersion
splunk:splunksplunkeq4.0
splunk:splunksplunkeq4.0.1
splunk:splunksplunkeq4.0.2
splunk:splunksplunkeq4.0.3
splunk:splunksplunkeq4.0.4
splunk:splunksplunkeq4.0.5
splunk:splunksplunkeq4.0.6
splunk:splunksplunkeq4.0.7
splunk:splunksplunkeq4.0.8
splunk:splunksplunkeq4.0.9

CPE	Name	Operator	Version
splunk:splunk	splunk	eq	4.0
splunk:splunk	splunk	eq	4.0.1
splunk:splunk	splunk	eq	4.0.2
splunk:splunk	splunk	eq	4.0.3
splunk:splunk	splunk	eq	4.0.4
splunk:splunk	splunk	eq	4.0.5
splunk:splunk	splunk	eq	4.0.6
splunk:splunk	splunk	eq	4.0.7
splunk:splunk	splunk	eq	4.0.8
splunk:splunk	splunk	eq	4.0.9

Rows per page:

1-10 of 261

References

secunia.com/advisories/47232

www.exploit-db.com/exploits/18245/

www.sec-1.com/blog/?p=233

www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf

www.securitytracker.com/id?1026451

www.splunk.com/view/SP-CAAAGMM

exchange.xforce.ibmcloud.com/vulnerabilities/72244

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2011-4643

cvelist1 prion1 nvd1 openvas1