Published: 14/09/2010 Updated: 14/09/2010
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

Splunk 4.0.0 up to and including 4.1.4 allows remote malicious users to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

splunk splunk 4.0

splunk splunk 4.0.11

splunk splunk 4.1.3

splunk splunk 4.1.4

splunk splunk 4.1

splunk splunk 4.1.2

splunk splunk 4.0.8

splunk splunk 4.0.10

splunk splunk 4.0.2

splunk splunk 4.0.3

splunk splunk 4.0.4

splunk splunk 4.0.5

splunk splunk 4.0.6

splunk splunk 4.1.1

splunk splunk 4.0.1

splunk splunk 4.0.7

splunk splunk 4.0.9

Vendor Advisories

Table of Contents• Description • Products and Components Affected • Upgrades • Credit Statement • Vulnerability Descriptions and Ratings • Splunk’s XML Parser is Vulnerable to XXE (SPL-31061) (CVE-2010-3322) • SPLUNKD_SESSION_KEY parameter allows session hijacking (SPL-31094) (CVE-2010-3323) Description Splunk version 415 contain ...