Summary
The host is installed with Splunk and is
prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote
attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade Splunk to version 5.0.10 or
later. For updates refer to http://www.splunk.com
Insight
Flaw is due to improper validation of
user-supplied input passed via the 'Referer' header before being returned to the user.
Affected
Splunk version 5.0.x before 5.0.10
Detection
Send a crafted request via HTTP GET and
check whether it is able to read cookie or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8301 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Afian 'includer.php' Directory Traversal Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability