Aaron@Vtty.Com

**Name of the Vulnerable Software and Affected Versions** Splunk versions 4.0 through 4.0.10 Splunk versions 4.1 through 4.1.1 **Description** The issue allows remote attackers to read arbitrary files, and remote authenticated users to modify arbitrary files. It may also have an unknown impact via redirects. **Recommendations** For versions 4.0 through 4.0.10, update to a version outside of this range to mitigate the risk. For versions 4.1 through 4.1.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Splunk versions 4.0 through 4.0.10 Splunk versions 4.1 through 4.1.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via redirects, `user->user or user->admin` vectors, or `user input`. **Recommendations** For Splunk versions 4.0 through 4.0.10, update to a version outside of this range to mitigate the risk. For Splunk versions 4.1 through 4.1.1, update to a version outside of this range to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Splunk versions 4.0 through 4.0.10 Splunk versions 4.1 through 4.1.1 **Description** The issue allows remote authenticated users to obtain sensitive information via HTTP header injection. **Recommendations** For versions 4.0 through 4.0.10, update to a version outside of this range to resolve the issue. For versions 4.1 through 4.1.1, update to a version outside of this range to resolve the issue.