Splunk Web Open Redirect Vulnerability Fixed by 6.4.2, 6.3.6 and 6.2.11


Description   A vulnerability was reported in Splunk Web. A remote attacker could exploit it by enticing a victim into following a specially crafted link that redirects to a malicious website. The vulnerability is due to improper input validation of the parameters in the HTTP request.
     
Vulnerable Products   Vulnerable Software:
Splunk (Splunk) - 6.2, 6.2.0, 6.2.1, 6.2.10, 6.2.2, ..., 6.3.3, 6.3.4, 6.3.5, 6.4, 6.4.1
     
Solution   Versions 6.4.2, 6.3.6 and 6.2.11 of Splunk Enterprise fix this vulnerability.
     
CVE  
     
References   - Splunk : Open redirect in Splunk Web (SPL-119464)
http://www.splunk.com/view/SP-CAAAPQM
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Site with open redirect
Available Since   4.0.0
     
Risk level   Moderate
Vulnerability First Public Report Date   2016-07-28
Target Type   Client
Possible exploit   Local & Remote