https://community.splunk.com/t5/Splunk-Enterprise/Splunk-lt-7-0-1-Information-Disclosure/m-p/381609#M7656 <P>If/when there is an official response, it will appear on: <A href="https://www.splunk.com/page/securityportal/">https://www.splunk.com/page/securityportal/</A></P> <P>UPDATE official response: <A href="https://www.splunk.com/view/SP-CAAAP5E">https://www.splunk.com/view/SP-CAAAP5E</A></P> <P>As of Splunk 6.6 that endpoint requires authentication: <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Protection_for_the_.27.2Fserver.2Finfo.27_REST_endpoint_is_now_on_by_default">http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Protection_for_the_.27.2Fserver.2Finfo.27_REST_endpoint_is_now_on_by_default</A></P> <P>As far as the "license keys" that are exposed, I don't know much about this endpoint, but to my untrained eye they look like they're hashes of the license files.<BR /> (An actual license is a signed XML file, for example see this expired license used as part of tests for the Java SDK: <A href="https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.license">https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.license</A> )</P> <P>REST Endpoint Description: <A href="http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo">http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo</A></P> Wed, 13 Jun 2018 02:11:38 GMT acharlieh 2018-06-13T02:11:38Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-lt-7-0-1-Information-Disclosure/m-p/381608#M7655 <P>Hi Splunkers! Is there any solutions for this right now?</P> <P>Splunk &lt; 7.0.1 - Information Disclosure - CVE: CVE-2018-11409</P> <P>link: <A href="https://nvd.nist.gov/vuln/detail/CVE-2018-11409">https://nvd.nist.gov/vuln/detail/CVE-2018-11409</A> </P> <P>Thanks!</P> Tue, 12 Jun 2018 18:23:20 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-lt-7-0-1-Information-Disclosure/m-p/381608#M7655 sarwshai 2018-06-12T18:23:20Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-lt-7-0-1-Information-Disclosure/m-p/381609#M7656 <P>If/when there is an official response, it will appear on: <A href="https://www.splunk.com/page/securityportal/">https://www.splunk.com/page/securityportal/</A></P> <P>UPDATE official response: <A href="https://www.splunk.com/view/SP-CAAAP5E">https://www.splunk.com/view/SP-CAAAP5E</A></P> <P>As of Splunk 6.6 that endpoint requires authentication: <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Protection_for_the_.27.2Fserver.2Finfo.27_REST_endpoint_is_now_on_by_default">http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Protection_for_the_.27.2Fserver.2Finfo.27_REST_endpoint_is_now_on_by_default</A></P> <P>As far as the "license keys" that are exposed, I don't know much about this endpoint, but to my untrained eye they look like they're hashes of the license files.<BR /> (An actual license is a signed XML file, for example see this expired license used as part of tests for the Java SDK: <A href="https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.license">https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.license</A> )</P> <P>REST Endpoint Description: <A href="http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo">http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo</A></P> Wed, 13 Jun 2018 02:11:38 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-lt-7-0-1-Information-Disclosure/m-p/381609#M7656 acharlieh 2018-06-13T02:11:38Z