Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4642

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2011-4642
Last Modified 06 Nov 2012 12:04:10
Published 03 Jan 2012 06:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2011-4642

Summary

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.

Vulnerable Systems

Application

  • Splunk 4.2

  • Splunk 4.2.1

  • Splunk 4.2.2

  • Splunk 4.2.3

  • Splunk 4.2.4


References

CONFIRM - http://www.splunk.com/view/SP-CAAAGMM

MISC - http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf

MISC - http://www.sec-1.com/blog/?p=233

EXPLOIT-DB - 18245

SECTRACK - 1026451

SECUNIA - 47232


Last Updated: 27 May 2016 10:57:18