Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Security Finding

khusain_splunk
Splunk Employee
Splunk Employee
‎03-31-2019 03:14 AM

Hi,

Please update us if the HTTP OPTIONS can be disabled? What are the affected ports?

Vulnerability Name: HTTP OPTIONS Method Enabled
Description: Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.
Remediation: Disable HTTP OPTIONS method on the web server.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎03-31-2019 06:58 PM

You have not given us the source of this report. We have no reason to believe that it is accurate and we do not have enough details about what they think the vulnerability is to help you mitigate. Why did you not post ALL of the details, including the link to this claim?

0 Karma
Reply

khusain_splunk
Splunk Employee
Splunk Employee
‎03-31-2019 03:15 AM

Hi,

At the moment, the OPTIONS HTTP method cannot be disabled on the Splunk server (tcp/8089). It is enabled for Cross-Origin Resource Sharing (CORS) purpose. However, there are ways to handle this outside of Splunk. You can simply run an Apache or Nginx server to block requests from clients with OPTIONS HTTP method.

It seems to me that an attacker could just an easily try all HTTP methods to see which ones respond; thus blocking this one method seems unlikely to reduce risk much.

You can try changing the port 8089 to something else.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...