Splunk Enterprise HTML Injection Vulnerability

Splunk Enterprise is prone to an HTML injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user or gain access to sensitive information. Other attacks are also possible.

Information

Bugtraq ID: 97286
Class: Input Validation Error
CVE: CVE-2017-5607

Remote: Yes
Local: No
Published: Mar 27 2017 12:00AM
Updated: Apr 15 2019 06:00PM
Credit: John Page (hyp3rlinx)
Vulnerable: Splunk Splunk Enterprise 6.5.2
Splunk Splunk Enterprise 6.4.4
Splunk Splunk Enterprise 6.4.1
Splunk Splunk Enterprise 6.3.9
Splunk Splunk Enterprise 6.3.1
Splunk Splunk Enterprise 6.2.13
Splunk Splunk Enterprise 6.2.12
Splunk Splunk Enterprise 6.2.9
Splunk Splunk Enterprise 6.2.8
Splunk Splunk Enterprise 6.2.7
Splunk Splunk Enterprise 6.2.6
Splunk Splunk Enterprise 6.2.5
Splunk Splunk Enterprise 6.2.4
Splunk Splunk Enterprise 6.2.3
Splunk Splunk Enterprise 6.2.1
Splunk Splunk Enterprise 6.2
Splunk Splunk Enterprise 6.1.12
Splunk Splunk Enterprise 6.1.9
Splunk Splunk Enterprise 6.1.8
Splunk Splunk Enterprise 6.1.7
Splunk Splunk Enterprise 6.1.6
Splunk Splunk Enterprise 6.1.5
Splunk Splunk Enterprise 6.1.4
Splunk Splunk Enterprise 6.1.3
Splunk Splunk Enterprise 6.1.2
Splunk Splunk Enterprise 6.1.1
Splunk Splunk Enterprise 6.0.13
Splunk Splunk Enterprise 6.0.6
Splunk Splunk Enterprise 6.0.4
Splunk Splunk Enterprise 6.0.3
Splunk Splunk Enterprise 6.0
Splunk Splunk Enterprise 5.0.17
Splunk Splunk Enterprise 5.0
Splunk Splunk Enterprise 6.5.1
Splunk Splunk Enterprise 6.5.0
Splunk Splunk Enterprise 6.4.5
Splunk Splunk Enterprise 6.4.3
Splunk Splunk Enterprise 6.4.2
Splunk Splunk Enterprise 6.4.0
Splunk Splunk Enterprise 6.3.0
Splunk Splunk Enterprise 6.2.2
Splunk Splunk Enterprise 6.2.11
Splunk Splunk Enterprise 6.2.10
Splunk Splunk Enterprise 6.1.11
Splunk Splunk Enterprise 6.1.10
Splunk Splunk Enterprise 6.1.0
Splunk Splunk Enterprise 6.0.12
Splunk Splunk Enterprise 6.0.11
Splunk Splunk Enterprise 5.0.16
Splunk Splunk Enterprise 5.0.15
Splunk Light 6.5
Splunk Light 6.4.2
Splunk Light 6.4.1
Splunk Light 6.4
Splunk Light 6.3.5
Splunk Light 6.3.4
Splunk Light 6.3.3
Splunk Light 6.3.2
Splunk Light 6.3.1
Splunk Light 6.3
Splunk Light 6.5.1

Not Vulnerable: Splunk Splunk Enterprise 6.5.3
Splunk Splunk Enterprise 6.4.6
Splunk Splunk Enterprise 6.3.10
Splunk Splunk Enterprise 6.2.14
Splunk Splunk Enterprise 6.1.13
Splunk Splunk Enterprise 6.0.14
Splunk Splunk Enterprise 5.0.18
Splunk Splunk Enterprise 6.2.13.1
Splunk Light 6.5.2

Exploit

Attackers can exploit this issue using a browser or readily available tools.

References:

Splunk Homepage (Splunk)
Splunk Enterprise 6.5.3, 6.2.13.1 and Splunk Light 6.5.2 address multiple vulner (Splunk)

Source: www.securityfocus.com

Exploit Collector

Search Exploit