PT-2018-18066 · Splunk · Splunk Enterprise+1

Robert Dunn

Publicado

2018-10-23

Atualizado

2018-12-10

CVE-2018-7432

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions 6.2.x through 6.2.13 Splunk Enterprise versions 6.3.x through 6.3.9 Splunk Enterprise versions 6.4.x through 6.4.6 Splunk Enterprise versions 6.5.x through 6.5.2 Splunk Light versions prior to 6.6.0

Description The issue allows remote attackers to cause a denial of service via a crafted HTTP request.

Recommendations For Splunk Enterprise versions 6.2.x through 6.2.13, update to version 6.2.14 or later. For Splunk Enterprise versions 6.3.x through 6.3.9, update to version 6.3.10 or later. For Splunk Enterprise versions 6.4.x through 6.4.6, update to version 6.4.7 or later. For Splunk Enterprise versions 6.5.x through 6.5.2, update to version 6.5.3 or later. For Splunk Light versions prior to 6.6.0, update to version 6.6.0 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-7432

Produtos afetados

Splunk Enterprise

Splunk Light

PT-2018-18066 · Splunk · Splunk Enterprise+1

CVE-2018-7432

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3