Vulnerability Details CVE-2011-4644
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 9.3
References
- http://www.exploit-db.com/exploits/18245/
- http://www.sec-1.com/blog/?p=233
- http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf
- http://www.exploit-db.com/exploits/18245/
- http://www.sec-1.com/blog/?p=233
- http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf
Products affected by CVE-2011-4644
-
cpe:2.3:a:splunk:splunk:2.1
-
cpe:2.3:a:splunk:splunk:2.2
-
cpe:2.3:a:splunk:splunk:2.2.1
-
cpe:2.3:a:splunk:splunk:2.2.3
-
cpe:2.3:a:splunk:splunk:2.2.6
-
cpe:2.3:a:splunk:splunk:3.0
-
cpe:2.3:a:splunk:splunk:3.0.1
-
cpe:2.3:a:splunk:splunk:3.0.2
-
cpe:2.3:a:splunk:splunk:3.1
-
cpe:2.3:a:splunk:splunk:3.1.1
-
cpe:2.3:a:splunk:splunk:3.1.2
-
cpe:2.3:a:splunk:splunk:3.1.3
-
cpe:2.3:a:splunk:splunk:3.1.4
-
cpe:2.3:a:splunk:splunk:3.2
-
cpe:2.3:a:splunk:splunk:3.2.1
-
cpe:2.3:a:splunk:splunk:3.2.2
-
cpe:2.3:a:splunk:splunk:3.2.3
-
cpe:2.3:a:splunk:splunk:3.2.4
-
cpe:2.3:a:splunk:splunk:3.2.5
-
cpe:2.3:a:splunk:splunk:3.2.6
-
cpe:2.3:a:splunk:splunk:3.3
-
cpe:2.3:a:splunk:splunk:3.3.1
-
cpe:2.3:a:splunk:splunk:3.3.2
-
cpe:2.3:a:splunk:splunk:3.3.3
-
cpe:2.3:a:splunk:splunk:3.3.4
-
cpe:2.3:a:splunk:splunk:3.4
-
cpe:2.3:a:splunk:splunk:3.4.1
-
cpe:2.3:a:splunk:splunk:3.4.10
-
cpe:2.3:a:splunk:splunk:3.4.11
-
cpe:2.3:a:splunk:splunk:3.4.12
-
cpe:2.3:a:splunk:splunk:3.4.13
-
cpe:2.3:a:splunk:splunk:3.4.14
-
cpe:2.3:a:splunk:splunk:3.4.2
-
cpe:2.3:a:splunk:splunk:3.4.3
-
cpe:2.3:a:splunk:splunk:3.4.5
-
cpe:2.3:a:splunk:splunk:3.4.6
-
cpe:2.3:a:splunk:splunk:3.4.8
-
cpe:2.3:a:splunk:splunk:3.4.9
-
cpe:2.3:a:splunk:splunk:4.0
-
cpe:2.3:a:splunk:splunk:4.0.1
-
cpe:2.3:a:splunk:splunk:4.0.10
-
cpe:2.3:a:splunk:splunk:4.0.11
-
cpe:2.3:a:splunk:splunk:4.0.2
-
cpe:2.3:a:splunk:splunk:4.0.3
-
cpe:2.3:a:splunk:splunk:4.0.4
-
cpe:2.3:a:splunk:splunk:4.0.5
-
cpe:2.3:a:splunk:splunk:4.0.6
-
cpe:2.3:a:splunk:splunk:4.0.7
-
cpe:2.3:a:splunk:splunk:4.0.8
-
cpe:2.3:a:splunk:splunk:4.0.9
-
cpe:2.3:a:splunk:splunk:4.1
-
cpe:2.3:a:splunk:splunk:4.1.1
-
cpe:2.3:a:splunk:splunk:4.1.2
-
cpe:2.3:a:splunk:splunk:4.1.3
-
cpe:2.3:a:splunk:splunk:4.1.4
-
cpe:2.3:a:splunk:splunk:4.1.5
-
cpe:2.3:a:splunk:splunk:4.1.6
-
cpe:2.3:a:splunk:splunk:4.1.7
-
cpe:2.3:a:splunk:splunk:4.1.8
-
cpe:2.3:a:splunk:splunk:4.2
-
cpe:2.3:a:splunk:splunk:4.2.
-
cpe:2.3:a:splunk:splunk:4.2.1
-
cpe:2.3:a:splunk:splunk:4.2.2
-
cpe:2.3:a:splunk:splunk:4.2.3
-
cpe:2.3:a:splunk:splunk:4.2.4
-
cpe:2.3:a:splunk:splunk:4.2.5