CVE-2011-4643

Published: 03/01/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in Splunk 4.x prior to 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.

Vulnerable Product

splunk splunk 4.0

splunk splunk 4.0.1

splunk splunk 4.0.9

splunk splunk 4.0.10

splunk splunk 4.1.5

splunk splunk 4.1.6

splunk splunk 4.2.4

splunk splunk 4.0.5

splunk splunk 4.0.6

splunk splunk 4.1.1

splunk splunk 4.1.2

splunk splunk 4.2

splunk splunk 4.2.1

splunk splunk 4.0.2

splunk splunk 4.0.3

splunk splunk 4.0.4

splunk splunk 4.0.11

splunk splunk 4.1

splunk splunk 4.1.7

splunk splunk 4.1.8

splunk splunk 4.0.7

splunk splunk 4.0.8

splunk splunk 4.1.3

splunk splunk 4.1.4

splunk splunk 4.2.2

splunk splunk 4.2.3

Vendor Advisories

Table of Contents: Description • Products and Components Affected • Upgrades • Credit • Vulnerability Descriptions and Ratings • Reflected XSS in SplunkWeb (SPL-44614) (CVE-2011-4778) • Remote Code Execution in Splunk Web (SPL-45172) (CVE-2011-4642) • Directory Traversal in Splunk (SPL-45243) (CVE-2011-4643)

Description: Splunk vers ...

Exploits

from sec1httplib.requestbuilder import Requestobj
from sec1httplib.thread_dispatcher import *
import threading
import re
import urlparse
import sys
import urllib
import base64
from optparse import OptionParser
import sys
"""
Source: www.sec-1.com/blog/?p=233
Splunk remote root exploit
Author: Gary O'leary-Steele @ Sec-1 Ltd
Date: 5th ...