CVE-2018-7432 - Input Validation vulnerability in Splunk

Publication

2018-10-23

Last modification

2018-12-10

Summary

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request.

Classification

CWE-20 - Input Validation

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • None

Availability Impact

  • Partial

Affected Products

Vendor: Splunk
Product: Splunk
Versions: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.5.0, 6.5.1, 6.5.2