https://community.splunk.com/t5/Security/How-do-I-tell-if-we-are-using-Splunk-Web/m-p/334069#M8511 <P>I am using Splunk Enterprise 6.6.1 and there is a security vulnerability that exploits Splunk Web that is resolved in 6.6.3. I go to my services running and there is a "splunkweb (for legacy purposes only)" service that is not running, so it appears that we do not use splunk web, although I can still access splunk from the web interface. How can I find out for sure if I am exposed to this vulnerability? </P> Wed, 13 Sep 2017 15:50:46 GMT mpwhite 2017-09-13T15:50:46Z https://community.splunk.com/t5/Security/How-do-I-tell-if-we-are-using-Splunk-Web/m-p/334069#M8511 <P>I am using Splunk Enterprise 6.6.1 and there is a security vulnerability that exploits Splunk Web that is resolved in 6.6.3. I go to my services running and there is a "splunkweb (for legacy purposes only)" service that is not running, so it appears that we do not use splunk web, although I can still access splunk from the web interface. How can I find out for sure if I am exposed to this vulnerability? </P> Wed, 13 Sep 2017 15:50:46 GMT https://community.splunk.com/t5/Security/How-do-I-tell-if-we-are-using-Splunk-Web/m-p/334069#M8511 mpwhite 2017-09-13T15:50:46Z https://community.splunk.com/t5/Security/How-do-I-tell-if-we-are-using-Splunk-Web/m-p/334070#M8512 <P>if you're accessing splunk on port 8000, you are running splunkweb on port 8000. unless you deliberately turn it off in web.conf, splunkweb starts with Splunk. </P> <P>in order to find out for sure, you would have to run intrusion tests on splunkweb, following the criteria of your specific vulnerability. </P> Wed, 13 Sep 2017 17:19:55 GMT https://community.splunk.com/t5/Security/How-do-I-tell-if-we-are-using-Splunk-Web/m-p/334070#M8512 tmarlette 2017-09-13T17:19:55Z