Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2011-4644
Last Modified 26 Jan 2012 12:00:00
Published 03 Jan 2012 06:55:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4644

Summary

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

Vulnerable Systems

Application

  • Splunk 2.1

  • Splunk 2.2

  • Splunk 2.2.1

  • Splunk 2.2.3

  • Splunk 2.2.6

  • Splunk 3.0

  • Splunk 3.0.1

  • Splunk 3.0.2

  • Splunk 3.1

  • Splunk 3.1.1

  • Splunk 3.1.2

  • Splunk 3.1.3

  • Splunk 3.1.4

  • Splunk 3.2

  • Splunk 3.2.1

  • Splunk 3.2.2

  • Splunk 3.2.3

  • Splunk 3.2.4

  • Splunk 3.2.5

  • Splunk 3.2.6

  • Splunk 3.3

  • Splunk 3.3.1

  • Splunk 3.3.2

  • Splunk 3.3.3

  • Splunk 3.3.4

  • Splunk 3.4

  • Splunk 3.4.1

  • Splunk 3.4.10

  • Splunk 3.4.11

  • Splunk 3.4.12

  • Splunk 3.4.13

  • Splunk 3.4.14

  • Splunk 3.4.2

  • Splunk 3.4.3

  • Splunk 3.4.5

  • Splunk 3.4.6

  • Splunk 3.4.8

  • Splunk 3.4.9

  • Splunk 4.0

  • Splunk 4.0.1

  • Splunk 4.0.10

  • Splunk 4.0.11

  • Splunk 4.0.2

  • Splunk 4.0.3

  • Splunk 4.0.4

  • Splunk 4.0.5

  • Splunk 4.0.6

  • Splunk 4.0.7

  • Splunk 4.0.8

  • Splunk 4.0.9

  • Splunk 4.1

  • Splunk 4.1.1

  • Splunk 4.1.2

  • Splunk 4.1.3

  • Splunk 4.1.4

  • Splunk 4.1.5

  • Splunk 4.1.6

  • Splunk 4.1.7

  • Splunk 4.1.8

  • Splunk 4.2

  • Splunk 4.2.1

  • Splunk 4.2.2

  • Splunk 4.2.3

  • Splunk 4.2.4

  • Splunk 4.2.5


References

MISC - http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf

MISC - http://www.sec-1.com/blog/?p=233

EXPLOIT-DB - 18245


Last Updated: 27 May 2016 10:57:18