Splunk Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Bugtraq ID:	51061
Class:	Input Validation Error
CVE:	CVE-2011-4642 CVE-2011-4778
Remote:	Yes
Local:	No
Published:	Dec 14 2011 12:00AM
Updated:	Jan 10 2012 10:00PM
Credit:	Emmanuel Bouillon from NATO C3 Agency and Gary Oleary-Steele
Vulnerable:	Splunk Splunk 4.2.4 Splunk Splunk 4.2.3 Splunk Splunk 4.2.2 Splunk Splunk 4.2
Not Vulnerable:	Splunk Splunk 4.2.5

Splunk Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Splunk is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.

Splunk 4.2 to 4.2.4 are vulnerable; other versions may also be affected.

Splunk Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.

The following exploit is available:

• /data/vulnerabilities/exploits/51061.rb

Splunk Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

Solution:
Updates are available. Please see the references for more details.

Splunk Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

References:

• Splunk Homepage (Splunk)
  
• Splunk 4.2.5 addresses two vulnerabilities (Splunk)