This host is running Splunk and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to inject and execute arbitrary code and conduct cross-site scripting and cross-site request forgery attacks. Impact Level: Application/System

Upgrade to Splunk version 4.2.5 or later. For updates refer to http://www.splunk.com/download

- The application allows users to perform search actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to execute arbitrary code when a logged-in administrator visits a specially crafted web page. - Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. - Certain input passed to the web API is not properly sanitised before being used to access files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.

Splunk versions 4.0 through 4.2.4

• http://osvdb.org/show/osvdb/77694
• http://osvdb.org/show/osvdb/77695
• http://secunia.com/advisories/47232
• http://tools.cisco.com/security/center/viewAlert.x?alertId=24805
• http://www.exploit-db.com/exploits/18245
• http://www.sec-1.com/blog/?p=233
• http://www.splunk.com/view/SP-CAAAGMM

---

Updated on 2015-03-25