Showing 1 - 1 of 1

CVE-2011-4644

Status Candidate

Overview

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

Related Files

Splunk Remote Root Command Execution / Directory Traversal: Posted Dec 15, 2011; Authored by Gary O'Leary-Steele | Site sec-1.com; Sec-1 Labs performed a product security analysis of Splunk and discovered remote command execution as a privileged user, a directory traversal vulnerability, failure to protect itself from brute force attacks and information disclosure issues. Versions 4.2.2, 4.2.3 and 4.2.4 were tested. This archive contains an advisory and an exploit.; tags | exploit, remote, info disclosure; systems | linux; advisories | CVE-2011-4642, CVE-2011-4643, CVE-2011-4644; SHA-256 | 9cc7b90d467527ef440024994f447af75a7361359080cde790f375729dc79e38; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 229 files
Ubuntu 91 files
Gentoo 33 files
Debian 23 files
Google Security Research 17 files
Mirabbas Agalarov 16 files
indoushka 11 files
CraCkEr 11 files
nu11secur1ty 9 files
Apple 9 files

File Archives

Systems

AIX (428)
Apple (1,978)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,751)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,755)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,304)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,614)
UNIX (9,235)
UnixWare (186)
Windows (6,555)
Other

CVE-2011-4644

Overview

Related Files

File Archive:

May 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems