Published: 10/04/2017 Updated: 20/03/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 3.5 | Impact Score: 1.4 | Exploitability Score: 2.1

VMScore: 356

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Splunk Enterprise 5.0.x prior to 5.0.18, 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.13.1, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6, and 6.5.x prior to 6.5.3 and Splunk Light prior to 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote malicious users to obtain sensitive logged-in username and version-related information via a crafted webpage.

Vulnerable Product	Search on Vulmon	Subscribe to Product
splunk splunk

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinxaltervistaorg [+] Source: hyp3rlinxaltervistaorg/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFTtxt [+] ISR: ApparitionSec Vendor: =============== wwwsplunkcom Product: ================== Splunk Enterprise Splunk provides the leading platform for Operati ...

Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage Some useful data gained is the currently logged in username and if remote user setting is enabled After, the username can be use to Phish or Brute Force Splunk Enterprise login Additional information stolen may aid in furthering att ...

Splunk software report with three related CVE.

Splunk-Defensive-Analysis Scientific paper about data management by Splunk software which, with three related CVE vulnerabilities analysis, is aimed to highlight Splunk reliability This project was made as an internet security relation at Univesity of Catania, Italy Please read documentation (italian) at docs CVE Details This report deals with the following CVE vulnerabilitie

Splunk software report with three related CVE.

Splunk-Defensive-Analysis Scientific paper about data management by Splunk software which, with three related CVE vulnerabilities analysis, is aimed to highlight Splunk reliability This project was made as an internet security relation at Univesity of Catania, Italy Please read documentation (italian) at docs CVE Details This report deals with the following CVE vulnerabilitie

Splunk software report with three related CVE.

Splunk-Defensive-Analysis Scientific paper about data management by Splunk software which, with three related CVE vulnerabilities analysis, is aimed to highlight Splunk reliability This project was made as an internet security relation at Univesity of Catania, Italy Please read documentation (italian) at docs CVE Details This report deals with the following CVE vulnerabilitie

CWE-200 https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607 https://www.exploit-db.com/exploits/41779/http://www.securitytracker.com/id/1038170 http://www.securityfocus.com/bid/97286 http://www.securityfocus.com/bid/97265 http://seclists.org/fulldisclosure/2017/Mar/89 http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt http://www.securityfocus.com/archive/1/540346/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/41779/https://github.com/zMrSec/Splunk-Defensive-Analysis

CVE-2017-5607

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect