Reflected XSS in Splunk Web Affecting Version 4.0 to 4.3

Published: 2012-03-07
Last Updated: 2012-03-07 23:44:56 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

A vulnerability has be found in Splunk 4.0 - 4.3 that allows partial confidentiality and integrity violation, when a user click on a specifically crafted link that can disclose sensitive information to the attacker. Splunk recommend consumers upgrade to version 4.3.1 and to follow its hardening standard [3] to mitigate the risk of exploitation.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Splunk XSS
0 comment(s)


Diary Archives