Getting Data In

security - ssl rest api not closed on /dev/zero stream input

lmcphpe
Engager

If you run the command
openssl s_client -connect ip:port < /dev/zero 2>&1
towards the rest api (port 8089) with ssl enabled, the tcp connection stays up forever after ssl handshake is done.

is there a way to mitigate this vulnerability?

aaraneta_splunk
Splunk Employee
Splunk Employee

@lmcphpe - Did one of the answers below help provide a solution your question? If yes, please click “Accept” below the best answer to resolve this post and upvote anything that was helpful. If no, please leave a comment with more feedback. Thanks.

0 Karma

jtacy
Builder

This reminds me of the Slowloris [https://en.wikipedia.org/wiki/Slowloris_(computer_security)] attack that takes advantage of web servers that can't handle a lot of open connections. I haven't tested to see how vulnerable Splunk is but I would seriously consider placing some kind of reverse proxy in front of any user-facing services. I'm sure nginx is a popular option for this but if you already have F5 load balancers you may be able to use HTTP and OneConnect profiles to separate the client and server side connections. I'm sure other load balancers have similar options.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

I would suggest that you look at how to report a possible vulnerability at https://www.splunk.com/page/securityportal. Report it there, and the ProdSec team will review as needed and get back to you.

0 Karma
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...