Lucene search

[email protected]CVE-2016-4859

HistoryMay 12, 2017 - 6:29 p.m.

CVE-2016-4859

2017-05-1218:29:00

CWE-601

[email protected]

web.nvd.nist.gov

cve-2016-4859

open redirect

splunk enterprise

security vulnerability

phishing

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Affected configurations

Vulners

NVD

Node

splunk_inc.splunk_enterpriseRange6.4.x–6.4.3

splunk_inc.splunk_enterpriseRange6.3.x–6.3.6

splunk_inc.splunk_enterpriseRange6.2.x–6.2.10

splunk_inc.splunk_enterpriseRange6.1.x–6.1.11

splunk_inc.splunk_enterpriseRange6.0.x–6.0.12

splunk_inc.splunk_enterpriseRange5.0.x–5.0.16

splunk_inc.splunk_lightRange<6.4.3

CPENameOperatorVersion
splunk:splunksplunkle6.4.2
splunk:splunksplunkeq5.0.0
splunk:splunksplunkeq5.0.1
splunk:splunksplunkeq5.0.2
splunk:splunksplunkeq5.0.3
splunk:splunksplunkeq5.0.4
splunk:splunksplunkeq5.0.5
splunk:splunksplunkeq5.0.6
splunk:splunksplunkeq5.0.7
splunk:splunksplunkeq5.0.8

CPE	Name	Operator	Version
splunk:splunk	splunk	le	6.4.2
splunk:splunk	splunk	eq	5.0.0
splunk:splunk	splunk	eq	5.0.1
splunk:splunk	splunk	eq	5.0.2
splunk:splunk	splunk	eq	5.0.3
splunk:splunk	splunk	eq	5.0.4
splunk:splunk	splunk	eq	5.0.5
splunk:splunk	splunk	eq	5.0.6
splunk:splunk	splunk	eq	5.0.7
splunk:splunk	splunk	eq	5.0.8

Rows per page:

1-10 of 581

CNA Affected

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.4.x prior to 6.4.3"
      },
      {
        "status": "affected",
        "version": "6.3.x prior to 6.3.6"
      },
      {
        "status": "affected",
        "version": "6.2.x prior to 6.2.10"
      },
      {
        "status": "affected",
        "version": "6.1.x prior to 6.1.11"
      },
      {
        "status": "affected",
        "version": "6.0.x prior to 6.0.12"
      },
      {
        "status": "affected",
        "version": "5.0.x prior to 5.0.16"
      }
    ]
  },
  {
    "product": "Splunk Light",
    "vendor": "Splunk Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 6.4.3"
      }
    ]
  }
]

References

www.securityfocus.com/bid/92603

jvn.jp/en/jp/JVN64800312/index.html

www.splunk.com/view/SP-CAAAPQ6

Social References

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2016-4859

openvas2 nvd1 jvn1 prion1 cvelist1