Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Security Finding

khusain_splunk
Splunk Employee
Splunk Employee
‎03-31-2019 03:14 AM

Hi,

Please update us if the HTTP OPTIONS can be disabled? What are the affected ports?

Vulnerability Name: HTTP OPTIONS Method Enabled
Description: Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.
Remediation: Disable HTTP OPTIONS method on the web server.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎03-31-2019 06:58 PM

You have not given us the source of this report. We have no reason to believe that it is accurate and we do not have enough details about what they think the vulnerability is to help you mitigate. Why did you not post ALL of the details, including the link to this claim?

0 Karma
Reply

khusain_splunk
Splunk Employee
Splunk Employee
‎03-31-2019 03:15 AM

Hi,

At the moment, the OPTIONS HTTP method cannot be disabled on the Splunk server (tcp/8089). It is enabled for Cross-Origin Resource Sharing (CORS) purpose. However, there are ways to handle this outside of Splunk. You can simply run an Apache or Nginx server to block requests from clients with OPTIONS HTTP method.

It seems to me that an attacker could just an easily try all HTTP methods to see which ones respond; thus blocking this one method seems unlikely to reduce risk much.

You can try changing the port 8089 to something else.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...