Splunk Enterprise 'Referer' Header Cross-Site Scripting Vulnerability -02 Feb15 Network Vulnerability

Summary

The host is installed with Splunk and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application

Solution

Upgrade Splunk to version 5.0.10 or later. For updates refer to http://www.splunk.com

Insight

Flaw is due to improper validation of user-supplied input passed via the 'Referer' header before being returned to the user.

Affected

Splunk version 5.0.x before 5.0.10

Detection

Send a crafted request via HTTP GET and check whether it is able to read cookie or not.

References

http://www.osvdb.org/112491
http://www.splunk.com/view/SP-CAAANHS#announce4

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8301

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Apache mod_proxy_ajp Information Disclosure Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities
Apache Open For Business HTML injection vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities