Are there any security vulnerability check reports done by Splunk?



My customer have configured Splunk to get the data in from "GitHub audit log stream" with Http Event Collector installed in their DMZ Server(with 8088 port open to the outside internet), Which forwards the data to another Splunk server within their secure server with only 9997, 8000 and 8088 port opened.

But, in order to open 8088 port from DMZ Server, they have to complete their Security Vulnerability Check. 

The problem is that the check returned with various security vulnerabilities, and that prevents them to open the port.

the vulnerabilities returned is as below.

phpPgAdmin redirect.php URL redirection
Spring Boot Actuator endpoint exposed
Missing "Content-Security-Policy" header
Sensitive Authentication (Basic) Information Leakage
Missing HttpOnly attribute in session cookie
Cookies with insecure, incorrect or missing SameSite attributes
Discover compressed directories
Unnecessary Http response headers were found in the application
Include sensitive session information in persistent cookies
Discovery of web application source code exposure patterns
host header injection

Are there any security vulnerability check reports done by Splunk? or some way to solve this vulnerability?

Thank you in advance.


Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...