Signature Detail
Short Name |
HTTP:MISC:SPLUNK-MAPPY-RCE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Splunk Mappy Search Command Remote Code Execution |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Splunk Mappy Search Command Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Splunk. A successful exploit can lead to remote code execution.
Extended Description
Splunk is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible. Splunk 4.2 to 4.2.4 are vulnerable; other versions may also be affected.
Affected Products
- Splunk 4.2
- Splunk 4.2.2
- Splunk 4.2.3
- Splunk 4.2.4
References
- BugTraq: 51061
- CVE: CVE-2011-4642