CVE-2018-7429 - Input Validation vulnerability in Splunk

Publication

2018-10-23

Last modification

2018-12-10

Summary

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Splunk Splunk  6.3.7 , 6.2.9 , 6.4.3 , 6.2.6 , 6.4.5 , 6.3.1 , 6.3.8 , 6.2.3 , 6.2.11 , 6.3.0 , 6.4.1 , 6.3.9 , 6.2.12 , 6.3.4 , 6.2.13 , 6.4.6 , 6.3.10 , 6.2.5 , 6.2.7 , 6.2.10 , 6.3.2 , 6.2.1 , 6.2.2 , 6.4.0 , 6.4.4 , 6.2.8 , 6.4.2 , 6.2.4 , 6.3.3 , 6.3.5 , 6.3.6 , 6.4.7 , 6.2.0