漏洞类别:CGI
漏洞等级: 
漏洞信息
Splunk is a log monitoring and reporting tool with search capabilities. Splunk Enterprise and Splunk Light are exposed to following vulnerabilities:
Multiple vulnerabilities in OpenSSL before 1.0.1t and 1.0.2h (SPL-119440)
Multiple vulnerabilities in libarchive before 3.2.1 (SPL-123095)
Multiple vulnerabilities in libxml2 prior to 2.9.4 (SPL-121159)
Open redirect in Splunk Web (SPL-119464)
Cross-Site Scripting Vulnerability in Splunk Web (SPL-118666)
Affected Versions Prior to:
Splunk Enterprise 6.4.2, 6.3.6, 6.2.11, 6.1.11, 6.0.12 and 5.0.16
Splunk Light 6.4.2
漏洞危害
Successfully exploiting these vulnerabilities might allow an attacker to perform cross-site scripting attacks, execute arbitrary code or redirect user to an attacker controlled website.
解决方案
Vendor has released updated versions to fix these vulnerabilities. Please refer Splunk SP-CAAAPQM for more details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论