CVE-2016-10126

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions 5.0.x through 5.0.16 Splunk Enterprise versions 6.0.x through 6.0.12 Splunk Enterprise versions 6.1.x through 6.1.11 Splunk Enterprise versions 6.2.x through 6.2.11 Splunk Enterprise versions 6.3.x through 6.3.7 Splunk Enterprise versions 6.4.x through 6.4.3

Description The issue is related to insufficient access control in the Splunk Web interface of Splunk Enterprise, allowing remote attackers to conduct HTTP request injection attacks. This can lead to the exposure of sensitive REST API authentication token information via specially crafted HTTP requests.

Recommendations For versions 5.0.x through 5.0.16, update to version 5.0.17 or later. For versions 6.0.x through 6.0.12, update to version 6.0.13 or later. For versions 6.1.x through 6.1.11, update to version 6.1.12 or later. For versions 6.2.x through 6.2.11, update to version 6.2.12 or later. For versions 6.3.x through 6.3.7, update to version 6.3.8 or later. For versions 6.4.x through 6.4.3, update to version 6.4.4 or later.