Lucene search

K

MitreCVELIST:CVE-2017-5607

HistoryApr 10, 2017 - 3:00 p.m.

CVE-2017-5607

2017-04-1015:00:00

mitre

www.cve.org

4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.

References

hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt

seclists.org/fulldisclosure/2017/Mar/89

www.securityfocus.com/archive/1/540346/100/0/threaded

www.securityfocus.com/bid/97265

www.securityfocus.com/bid/97286

www.securitytracker.com/id/1038170

www.exploit-db.com/exploits/41779/

www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607

4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

Related for CVELIST:CVE-2017-5607

openvas2 nvd1 packetstorm1 zdt1 prion1 cve1 seebug1 exploitpack1 nessus2 exploitdb1