Directory traversal vulnerability in the collect script in Splunk prior to 5.0.5 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
splunk splunk |
||
splunk splunk 5.0.3 |
||
splunk splunk 5.0.2 |
||
splunk splunk 5.0.1 |
||
splunk splunk 5.0 |