Lucene search

[email protected]CVE-2011-4644

HistoryJan 03, 2012 - 11:55 a.m.

CVE-2011-4644

2012-01-0311:55:04

CWE-287

[email protected]

web.nvd.nist.gov

splunk

cve-2011-4644

security

free license

unauthorized access

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

Affected configurations

NVD

Node

splunksplunkRange≤4.2.5

splunksplunkMatch2.1

splunksplunkMatch2.2

splunksplunkMatch2.2.1

splunksplunkMatch2.2.3

splunksplunkMatch2.2.6

splunksplunkMatch3.0

splunksplunkMatch3.0.1

splunksplunkMatch3.0.2

splunksplunkMatch3.1

splunksplunkMatch3.1.1

splunksplunkMatch3.1.2

splunksplunkMatch3.1.3

splunksplunkMatch3.1.4

splunksplunkMatch3.2

splunksplunkMatch3.2.1

splunksplunkMatch3.2.2

splunksplunkMatch3.2.3

splunksplunkMatch3.2.4

splunksplunkMatch3.2.5

splunksplunkMatch3.2.6

splunksplunkMatch3.3

splunksplunkMatch3.3.1

splunksplunkMatch3.3.2

splunksplunkMatch3.3.3

splunksplunkMatch3.3.4

splunksplunkMatch3.4

splunksplunkMatch3.4.1

splunksplunkMatch3.4.2

splunksplunkMatch3.4.3

splunksplunkMatch3.4.5

splunksplunkMatch3.4.6

splunksplunkMatch3.4.8

splunksplunkMatch3.4.9

splunksplunkMatch3.4.10

splunksplunkMatch3.4.11

splunksplunkMatch3.4.12

splunksplunkMatch3.4.13

splunksplunkMatch3.4.14

splunksplunkMatch4.0

splunksplunkMatch4.0.1

splunksplunkMatch4.0.2

splunksplunkMatch4.0.3

splunksplunkMatch4.0.4

splunksplunkMatch4.0.5

splunksplunkMatch4.0.6

splunksplunkMatch4.0.7

splunksplunkMatch4.0.8

splunksplunkMatch4.0.9

splunksplunkMatch4.0.10

splunksplunkMatch4.0.11

splunksplunkMatch4.1

splunksplunkMatch4.1.1

splunksplunkMatch4.1.2

splunksplunkMatch4.1.3

splunksplunkMatch4.1.4

splunksplunkMatch4.1.5

splunksplunkMatch4.1.6

splunksplunkMatch4.1.7

splunksplunkMatch4.1.8

splunksplunkMatch4.2

splunksplunkMatch4.2.1

splunksplunkMatch4.2.2

splunksplunkMatch4.2.3

splunksplunkMatch4.2.4

CPENameOperatorVersion
splunk:splunksplunkle4.2.5
splunk:splunksplunkeq2.1
splunk:splunksplunkeq2.2
splunk:splunksplunkeq2.2.1
splunk:splunksplunkeq2.2.3
splunk:splunksplunkeq2.2.6
splunk:splunksplunkeq3.0
splunk:splunksplunkeq3.0.1
splunk:splunksplunkeq3.0.2
splunk:splunksplunkeq3.1

CPE	Name	Operator	Version
splunk:splunk	splunk	le	4.2.5
splunk:splunk	splunk	eq	2.1
splunk:splunk	splunk	eq	2.2
splunk:splunk	splunk	eq	2.2.1
splunk:splunk	splunk	eq	2.2.3
splunk:splunk	splunk	eq	2.2.6
splunk:splunk	splunk	eq	3.0
splunk:splunk	splunk	eq	3.0.1
splunk:splunk	splunk	eq	3.0.2
splunk:splunk	splunk	eq	3.1

Rows per page:

1-10 of 651

References

www.exploit-db.com/exploits/18245/

www.sec-1.com/blog/?p=233

www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for CVE-2011-4644

prion1 cvelist1 nvd1 openvas1