
CVE-2011-4642

Published: 03/01/2012 Updated: 06/11/2012
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 466
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

mappy.py in Splunk Web in Splunk 4.2.x prior to 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.

Vulnerable Product

splunk splunk 4.2.4

splunk splunk 4.2.2

splunk splunk 4.2.3

splunk splunk 4.2

splunk splunk 4.2.1

Exploits

from sec1httplibrequestbuilder import Requestobj
from sec1httplibthread_dispatcher import *
import threading
import re
import urlparse
import sys
import urllib
import base64
from optparse import OptionParser
import sys
"""
Source: wwwsec-1com/blog/?p=233
Splunk remote root exploit
Author: Gary O'leary-Steele @ Sec-1 Ltd
Date: 5th ...

Github Repositories

Splunk software report with three related CVE.

Splunk-Defensive-Analysis: Scientific paper about data management by Splunk software which, with three related CVE vulnerabilities analysis, is aimed to highlight Splunk reliability. This project was made as an internet security relation at University of Catania, Italy. Please read documentation (Italian) at docs. CVE Details: This report deals with the following CVE vulnerabilitie
