Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Link | Resource |
---|---|
https://www.splunk.com/view/SP-CAAAPQ6 | Vendor Advisory |
https://jvn.jp/en/jp/JVN64800312/index.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/92603 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-05-12 11:29
Updated : 2017-05-19 11:49
NVD link : CVE-2016-4859
Mitre link : CVE-2016-4859
JSON object : View
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Products Affected
splunk
- splunk