PT-2014-3198 · Splunk · Splunk

Gerhard Muntingh

Published

2014-04-03

Updated

2014-08-07

CVE-2013-6771

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Splunk versions prior to 5.0.5

Description The issue allows remote attackers to execute arbitrary commands, potentially leading to remote code execution. This is due to a directory traversal vulnerability in the collect script, which can be exploited by including a .. (dot dot) in the file parameter.

Recommendations For versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the collect script to minimize the risk of exploitation. Avoid using the file parameter with untrusted input in the collect script until the issue is resolved.

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2013-6771

ZDI-14-052

ZDI-14-053

Affected Products

Splunk

PT-2014-3198 · Splunk · Splunk

CVE-2013-6771

Weakness Enumeration

Related Identifiers

Affected Products

References · 6