Lucene search
HistoryAug 07, 2014 - 11:13 a.m.
CVE-2013-7394
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.955 High
EPSS
Percentile
99.4%
The “runshellscript echo.sh” script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
Affected configurations
Node
splunksplunkRange≤5.0.4
ORsplunksplunkMatch5.0
ORsplunksplunkMatch5.0.1
ORsplunksplunkMatch5.0.2
ORsplunksplunkMatch5.0.3
Related
cvelist
cvelist
CVE-2013-7394
2014-08-07 10:00:00
CVE-2013-6771
2014-08-07 10:00:00
prion
prion
Directory traversal
2014-08-07 11:13:00
Design/Logic Flaw
2014-08-07 11:13:00
nvd
nvd
CVE-2013-6771
2014-08-07 11:13:34
nessus
nessus
Splunk < 5.0.5 Multiple Code Execution Vulnerabilities
2013-09-30 00:00:00
cve
cve
CVE-2013-6771
2014-08-07 11:13:34
CVE-2013-7394
2014-08-07 11:13:34
checkpoint_advisories
checkpoint_advisories
Splunk collect file Directory Traversal (CVE-2013-6771)
2014-09-28 00:00:00
zdi
zdi
Splunk runshellscript echo.sh Remote Code Execution Vulnerability
2014-04-03 00:00:00
Splunk collect file Remote Code Execution Vulnerability
2014-04-03 00:00:00
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.955 High
EPSS
Percentile
99.4%
Related for NVD:CVE-2013-7394