-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                   AUSCERT Security Bulletin ASB-2017.0031
      Multiple vulnerabilities have been identified in Splunk Enterprise
                  6.5.3, 6.2.13.1 and Splunk Light 6.5.2.
                               4 April 2017
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Splunk Enterprise
                      Splunk Light
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Confidential Data -- Remote/Unauthenticated
                      Cross-site Scripting     -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-5607
Member content until: Thursday, May 4 2017

OVERVIEW

        Multiple vulnerabilities have been identified in Splunk Enterprise
        6.5.3, 6.2.13.1 and Splunk Light 6.5.2. [1]

IMPACT

        Splunk has provided the following details regarding the
        vulnerabilities:

        "Persistent Cross Site Scripting in Splunk Web (SPL-134841)

        Description: Splunk Enterprise versions 6.5.x before 6.5.3, 6.4.x
        before 6.4.6, 6.3.x before 6.3.10, 6.2.x before 6.2.13 and Splunk
        Light before 6.5.2 are affected by a vulnerability that allows an
        attacker to inject and store arbitrary script. However, the
        attacker has to be authenticated in Splunk web before exploiting
        this vulnerability.

        CVSS Severity (version 2.0):
        CVSS Base Score             6.6
        CVSS Impact Subscore        9.2
        CVSS Exploitability Subscore 6.6
        Overall CVSS Score          5.0

        Information Leakage via JavaScript (CVE-2017-5607)

        Description: Splunk Enterprise versions 6.5.x before 6.5.3, 6.4.x
        before 6.4.6, 6.3.x before 6.3.10, 6.2.x before 6.2.13.1, 6.1.x
        before 6.1.13, 6.0.x before 6.0.14, 5.0.x before 5.0.18 and Splunk
        Light before 6.5.2 are affected by a vulnerability that could allow
        a remote attacker to obtain logged-in username and Splunk
        version-related information via JavaScript.

        Credits: Splunk would like to thank John Page (hyp3rlinx) for
        reporting this vulnerability.

        CVSS Severity (version 2.0):
        CVSS Base Score             3.5
        CVSS Impact Subscore        2.9
        CVSS Exploitability Subscore 6.8
        Overall CVSS Score          0.5" [1]

MITIGATION

        Splunk recommends upgrading to the latest versions to address
        these vulnerabilities. [1]

REFERENCES

        [1] Splunk Enterprise 6.5.3, 6.2.13.1 and Splunk Light 6.5.2
            address multiple vulnerabilities
            http://www.splunk.com/view/SP-CAAAPZ3

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
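The operational content of this bulletin is the pair of affected-version lists quoted under IMPACT. The script below is an added example, not AusCERT's or Splunk's code: it transcribes those two lists and reports which of the two issues a given Splunk Enterprise or Splunk Light version string falls under, including the four-component boundary (6.2.13 is past the XSS fix but still before the 6.2.13.1 information-leak fix). The product labels "enterprise"/"light" and all function names are this example's own.

```python
"""Check a Splunk version string against the affected ranges quoted in
ASB-2017.0031. Added example; ranges are transcribed from the advisory text."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'6.2.13.1' -> (6, 2, 13, 1).

    Tuples compare lexicographically and a shorter tuple sorts before a
    longer one with the same prefix, so (6, 2, 13) < (6, 2, 13, 1). That
    matches how the advisory reads '6.2.x before 6.2.13.1'.
    """
    return tuple(int(part) for part in text.strip().split("."))


# (branch prefix, first fixed version) pairs, as listed in the advisory.
ENTERPRISE_XSS: List[Tuple[str, str]] = [          # SPL-134841
    ("6.5", "6.5.3"), ("6.4", "6.4.6"), ("6.3", "6.3.10"), ("6.2", "6.2.13"),
]
ENTERPRISE_INFO_LEAK: List[Tuple[str, str]] = [    # CVE-2017-5607
    ("6.5", "6.5.3"), ("6.4", "6.4.6"), ("6.3", "6.3.10"), ("6.2", "6.2.13.1"),
    ("6.1", "6.1.13"), ("6.0", "6.0.14"), ("5.0", "5.0.18"),
]
LIGHT_FIXED = "6.5.2"  # Splunk Light before 6.5.2 is listed for both issues


def in_branch(version: Version, branch: str) -> bool:
    """True if version starts with the branch prefix, e.g. 6.4.2 is in 6.4."""
    prefix = parse_version(branch)
    return version[: len(prefix)] == prefix


def affected_enterprise(version_text: str, ranges: List[Tuple[str, str]]) -> bool:
    """True if the version sits in a listed branch and precedes that branch's fix.
    A branch the advisory does not mention (e.g. 7.x) is reported as not affected
    by this bulletin only; it says nothing about other advisories."""
    version = parse_version(version_text)
    for branch, fixed in ranges:
        if in_branch(version, branch):
            return version < parse_version(fixed)
    return False


def assess(product: str, version_text: str) -> Dict[str, bool]:
    """Return {issue id: affected?} for the two issues in ASB-2017.0031."""
    if product == "light":
        vulnerable = parse_version(version_text) < parse_version(LIGHT_FIXED)
        return {"SPL-134841": vulnerable, "CVE-2017-5607": vulnerable}
    if product == "enterprise":
        return {
            "SPL-134841": affected_enterprise(version_text, ENTERPRISE_XSS),
            "CVE-2017-5607": affected_enterprise(version_text, ENTERPRISE_INFO_LEAK),
        }
    raise ValueError(f"unknown product {product!r}; use 'enterprise' or 'light'")


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("search-head-01", "enterprise", "6.2.13"),    # XSS fixed, info leak not
        ("search-head-02", "enterprise", "6.2.13.1"),  # both fixed
        ("indexer-03", "enterprise", "6.5.2"),         # both affected
        ("lab-light", "light", "6.5.1"),               # both affected
    ]
    for host, product, version in inventory:
        result = assess(product, version)
        flagged = [issue for issue, hit in result.items() if hit] or ["none"]
        print(f"{host:15} {product:10} {version:9} affected by: {', '.join(flagged)}")
```

Feed it the version strings from your own host inventory; a host on 6.2.13 is the case worth noticing, since it is patched for the XSS but still within the CVE-2017-5607 range until it reaches 6.2.13.1.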
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWOMs54x+lLeg9Ub1AQh7nw/+NuixUv7vDJsjmtrN9QTOAc1m91iCKz4S
gmig7WC5UI0qOW47MDwrioZYVS+bEg2MRh8V0XT83Kei5WcjB3cwkCGOnlXgM9Xn
sv7m3bdt8WMakq4OvXnj+2+p6OCIYQDC9ZYiD4JPQ28dlbNM4KnikFQLLz0F4NBV
1fzKbIumuqD2adMsH+cXvD7dGUPMbNMWUgfolKKAe2N5ilFtH2Z2pCcqNWX2EIJ7
cDAYaya8arPr30oX9qurcVwzV/BYDLogMgI+f+TzECM9FN8HnNxZai6B94vrUIET
OUXYYsJLWXyl+JRpv7rQYSmCwg2XAOUpzAQCQ52qlFbelJ3ADkOlAzXzfKWm6Xe9
m3G51vLete6YlHVJ0jGiTMFTR11Xsj+8NfXkxqzrNhP4U8sfmiLyGalUK8f8S4Rw
qNobZWDipx0yzfBi8JwZMaT206HXPzo73jGjHY/8QKWXCyXtTlhBmjQVpvim/uTx
LtjdBXNrDxTAOSNbr5V1n5WagiNTNw7ZvRQkDWSPN25hBqJSLrMhtloo4DGJO8km
6MhuZzqq4D8PGlTJn++nZlAnqwCv7SxAV9qi+3eZSo/thoqFpavSOwnBUV0hk2Fy
x/z2p3MDEmJ6zzuxo6jesqENQDFTFvqkXRIPtEgIg6iPa/t5alsZpQzFtZVVjaCd
M/FGIN8FBfA=
=Hfwt
-----END PGP SIGNATURE-----