Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0036 An updated Splunk corrects one vulnerability 12 March 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Splunk Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade Member content until: Wednesday, April 11 2012 OVERVIEW One vulnerability has been identified in Splunk prior to version 4.3.1. [1] IMPACT A reflected cross-site scripting (XSS) vulnerability has been found in Splunk Web. It can be exploited if an attacker tricks a user into clicking on a specially crafted link. [1] MITIGATION Splunk has released version 4.3.1 to correct these issues. [1] REFERENCES [1] Splunk 4.3.1 addresses one vulnerability http://www.splunk.com/view/SP-CAAAGTK AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBT12VJO4yVqjM2NGpAQIi5Q/9E1XTEbNxn7q4jguNCkv+QfQ70Ygl972s 21wVe1l+ShMCPqomu5DJ+CvSusadNw+oy7evxAHIDvxG6mCDrf3lt30rVwbn/u/b H6L8iMCVbbGZnuoTvoCEhhzWKVIjEAhQK6/QJlAu+rDBRrS/wVKdz9+xpwfZ1qJy +UJOPhzqqENo0Iu0EyURcAh2Z5Cp9QZVG+0zCNlzpmu640LCbj/PKv961+O+WgR5 bf5ra1s3Nxt05Y301YR0e694P1g4to3tZzVcT4jQelSg14L17+EaC/divBpLCc8f KlZCNHrhobWzbAp+pCmZYu3I5YyqAxFlN7wUZBma/aVh88yk06Fsftp8/KV/zAzP +3yZRp8e/yJuiHN1RPXDbErgijOIR8u3FhgcPv1DKFliJNsb1tFkiP4c9B+OdjOe 40P4XgOwJbqXdMRbO0Rfl6USHdMllJaF9rcmEMOGjxkhI3Igh3RHd6N3NkkysQ75 C+WIrOiylOHDjCl4IonyAGGJ3+e3y+ODb/hHWhJhUDj80c2sbJNVbeIr3j7+w0hY lzKiOU93KQQeW2s0YVM0HSvnHbAfQyIlicvG7vX+NBtg1WH9T3djSrfSt9zPkaZq mMhiI3QNkcPLjyPHHFRW3vdgyi+T2VO5DYuad85JZS6PQf/tdMlVym6Djfj2LV15 jLrKxwm2w34= =bgBj -----END PGP SIGNATURE-----