Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310106267HistorySep 19, 2016 - 12:00 a.m.
Splunk Light Multiple Vulnerabilities
2016-09-1900:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
36
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.4
Confidence
Low
EPSS
0.968
Percentile
99.7%
Splunk Light is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = 'cpe:/a:splunk:light';
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106267");
script_version("2023-07-20T05:05:17+0000");
script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
script_tag(name:"creation_date", value:"2016-09-19 11:58:34 +0700 (Mon, 19 Sep 2016)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-01-05 02:30:00 +0000 (Fri, 05 Jan 2018)");
script_cve_id("CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109",
"CVE-2016-2176", "CVE-2016-1541", "CVE-2015-2304", "CVE-2013-0211", "CVE-2016-4858", "CVE-2016-4857");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Splunk Light Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_splunk_light_detect.nasl");
script_mandatory_keys("SplunkLight/installed");
script_tag(name:"summary", value:"Splunk Light is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Splunk Light is affected by multiple vulnerabilities:
Multiple OpenSSL vulnerabilities (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,
CVE-2016-2176).
Multiple vulnerabilities in libarchive (CVE-2016-1541, CVE-2015-2304, CVE-2013-0211).
Open redirect vulnerability (CVE-2016-4857).
Cross-site scripting vulnerability (CVE-2016-4858).");
script_tag(name:"affected", value:"Splunk Light before 6.4.2");
script_tag(name:"solution", value:"Update to version 6.4.2 or later.");
script_xref(name:"URL", value:"https://www.splunk.com/view/SP-CAAAPQM");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!version = get_app_version(cpe: CPE, port: port))
exit(0);
if (version_is_less(version: version, test_version: "6.4.2")) {
report = report_fixed_ver(installed_version: version, fixed_version: "6.4.2");
security_message(port: port, data: report);
exit(0);
}
exit(0);
References
Related
ibm
ibm
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-05-03 00:00:00
libarchive -- multiple vulnerabilities
2012-12-06 00:00:00
slackware
slackware
[slackware-security] openssl
2016-05-03 21:05:31
debian
debian
[SECURITY] [DLA 456-1] openssl security update
2016-05-03 20:53:46
[SECURITY] [DSA 3566-1] openssl security update
2016-05-03 18:24:21
openvas
openvas
Slackware: Security Advisory (SSA:2016-124-01)
2022-04-21 00:00:00
Debian: Security Advisory (DLA-456-1)
2023-03-08 00:00:00
Splunk Enterprise Multiple OpenSSL Vulnerabilities (SP-CAAAPQM)
2016-09-19 00:00:00
nessus
nessus
Debian DLA-456-1 : openssl security update
2016-05-04 00:00:00
Slackware 14.0 / 14.1 / current : openssl (SSA:2016-124-01)
2016-05-04 00:00:00
osv
osv
openssl - security update
2016-05-03 00:00:00
openssl - security update
2016-05-03 00:00:00
f5
f5
SOL07538415 - Multiple OpenSSL vulnerabilities
2016-05-03 00:00:00
K07538415 : Multiple OpenSSL vulnerabilities
2016-05-04 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
2016-05-04 19:30:00
arista
arista
Security Advisory 0020
2016-05-06 00:00:00
fortinet
fortinet
OpenSSL Advisory - May 2016
2016-09-22 00:00:00
huawei
huawei
Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
2016-07-06 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-05-03 00:00:00
libarchive vulnerabilities
2015-03-25 00:00:00
suse
suse
Security update for openssl (important)
2016-05-05 18:08:51
Security update for openssl (important)
2016-05-05 13:11:19
Security update for openssl (important)
2016-05-05 13:07:36
paloalto
paloalto
OpenSSL Vulnerabilities
2016-09-02 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:17.openssl
2016-05-04 00:00:00
cloudfoundry
cloudfoundry
USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-07-12 14:14:43
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.2h-alt1
2016-05-04 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.2h-alt1
2016-05-03 00:00:00
amazon
amazon
Important: openssl
2016-05-03 10:30:00
symantec
symantec
SA123 : OpenSSL Vulnerabilities 3-May-2016
2016-05-09 08:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: openssl-1.0.2h-1.fc23
2016-05-04 18:54:36
[SECURITY] Fedora 24 Update: openssl-1.0.2h-1.fc24
2016-05-07 12:15:14
[SECURITY] Fedora 22 Update: openssl-1.0.1k-15.fc22
2016-05-10 17:58:11
mageia
mageia
Updated openssl packages fix security vulnerability
2016-05-08 00:22:48
archlinux
archlinux
lib32-openssl: multiple issues
2016-05-04 00:00:00
openssl: multiple issues
2016-05-04 00:00:00
centos
centos
openssl security update
2016-05-16 10:25:52
openssl security update
2016-05-09 08:40:50
oraclelinux
oraclelinux
openssl security update
2016-05-13 00:00:00
openssl-fips security update
2016-06-15 00:00:00
openssl security update
2016-05-09 00:00:00
redhat
redhat
(RHSA-2016:2073) Important: openssl security update
2016-10-18 06:21:20
(RHSA-2016:0996) Important: openssl security update
2016-05-10 07:00:21
(RHSA-2016:0722) Important: openssl security update
2016-05-09 04:44:04
thn
thn
High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic
2016-05-04 23:31:00
citrix
citrix
Citrix XenServer 7.2 Multiple Security Updates
2018-03-29 04:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
8.4
Confidence
Low
EPSS
0.968
Percentile
99.7%
Related for OPENVAS:1361412562310106267