Splunk Enterprise update for third-party components



Published: 2024-07-01
Risk Medium
Patch available YES
Number of vulnerabilities 23
CVE-ID CVE-2023-47627
CVE-2022-40899
CVE-2023-32681
CVE-2022-40898
CVE-2022-40896
CVE-2022-40897
CVE-2023-5752
CVE-2024-3651
CVE-2023-37920
CVE-2023-45803
CVE-2023-43804
CVE-2023-37276
CVE-2023-35116
CVE-2018-10237
CVE-2023-2976
CVE-2020-8908
CVE-2022-36364
CVE-2023-39410
CVE-2023-34455
CVE-2023-34454
CVE-2023-34453
CVE-2023-43642
CVE-2021-29425
CWE-ID CWE-444
CWE-185
CWE-200
CWE-20
CWE-1333
CWE-77
CWE-400
CWE-345
CWE-789
CWE-276
CWE-94
CWE-502
CWE-190
CWE-770
CWE-22
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #11 is available.
Vulnerable software
Subscribe 		Splunk Enterprise
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Splunk Inc.

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU83631

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47627

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when AIOHTTP_NO_EXTENSIONS is enabled. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect Regular Expression

EUVDB-ID: #VU71137

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40899

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing the Set-Cookie header. A remote attacker can send a specially crafted HTTP request to the application and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU77164

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-32681

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Input validation error

EUVDB-ID: #VU71377

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40898

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input passed to wheel cli. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Inefficient regular expression complexity

EUVDB-ID: #VU82226

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40896

CWE-ID: CWE-1333 - Inefficient Regular Expression Complexity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions in pygments/lexers/smithy.py. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect Regular Expression

EUVDB-ID: #VU71379

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40897

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Command Injection

EUVDB-ID: #VU84849

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5752

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options to the "hg clone" call (ie "--config").

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU88828

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3651

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Insufficient verification of data authenticity

EUVDB-ID: #VU79296

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-37920

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exist due to software recognizes "e-Tugra" root certificates, which were subject to an investigation prompted by reporting of security issues in their systems. An attacker with ability to generate certificates signed with the  compromised "e-Tugra" root certificate can perform MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Information disclosure

EUVDB-ID: #VU82978

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45803

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to urllib3 does not remove the HTTP request body when redirecting HTTP response using status codes 301, 302, or 303, after the request had its method changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU81322

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-43804

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU78448

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-37276

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in the aiohttp.web.Application. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU82122

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35116

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Uncontrolled memory allocation

EUVDB-ID: #VU12886

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10237

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to unbounded memory allocation. A remote attacker can cause the service to crash and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Incorrect default permissions

EUVDB-ID: #VU77107

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2976

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions in com.google.common.io.FileBackedOutputStream. A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Incorrect default permissions

EUVDB-ID: #VU50139

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8908

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Code Injection

EUVDB-ID: #VU65864

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36364

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in JDBC driver, which creates HTTP client instances based on class names provided via "httpclient_impl" connection property. The driver does not verify if the class implements the expected interface before instantiating it. A remote user with ability to control JDBC connection parameters can inject arbitrary class name and execute code on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Deserialization of Untrusted Data

EUVDB-ID: #VU83219

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39410

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to reader can consume memory beyond the allowed constraints and thus lead to out of memory on the system, when deserializing untrusted or corrupted data. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource exhaustion

EUVDB-ID: #VU77362

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34455

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Integer overflow

EUVDB-ID: #VU77361

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34454

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in compress. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Integer overflow

EUVDB-ID: #VU77359

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34453

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in shuffle. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU82454

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43642

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Path traversal

EUVDB-ID: #VU52252

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29425

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Splunk Enterprise: 9.0.0 - 9.2.0

CPE2.3 External links

http://advisory.splunk.com/advisories/SVD-2024-0718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###