Splunk Web Open Redirect Vulnerability Fixed by 6.4.3, 6.3.6, 6.2.10, 6.1.11, 6.0.12 and 5.0.16


Description   A vulnerability was reported in Splunk Web. A remote attacker could exploit it by enticing a victim into following a specially crafted link that redirects them to a malicious website. This vulnerability is due to improper input validation of the parameters in the HTTP request.
     
Vulnerable Products   Vulnerable Software:
Splunk (Splunk) - 5.0, 5.0.1, 5.0.10, 5.0.11, 5.0.12, ..., 6.3.4, 6.3.5, 6.4, 6.4.1, 6.4.2
     
Solution   Versions 6.4.3, 6.3.6, 6.2.10, 6.1.11, 6.0.12 and 5.0.16 of Splunk Enterprise fix this vulnerability.
     
CVE  
     
References   - Splunk: Open redirect in Splunk Web (SPL-117212)
http://www.splunk.com/view/SP-CAAAPQ6
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-08-22

Target Type   Client

Possible exploit   Remote