Security

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors

anilt2645
New Member

Hi ,

Currently we are working on Vulnerabilities listed below.

CVE-2013-6870 and CVE-2013-6998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6998

**

Could any help to find the patch for the above Vulnerable's.

Thanks & Regards,
Anil

0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

CVE-2013-6998 has been fixed in 5.0.6: https://www.splunk.com/view/SP-CAAAJCD
Based on the description of CVE-2013-6870 I'd say this has been fixed in 5.0.6 as well.

To get your environment patched you just need to upgrade to 5.0.6 or later.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

CVE-2013-6998 has been fixed in 5.0.6: https://www.splunk.com/view/SP-CAAAJCD
Based on the description of CVE-2013-6870 I'd say this has been fixed in 5.0.6 as well.

To get your environment patched you just need to upgrade to 5.0.6 or later.

martin_mueller
SplunkTrust
SplunkTrust

5.0.6 is a couple of years old, I'd recommend upgrading to 6.4.3 - you will get many more security issues fixed, new features, improved performance, etc.

If there is a patch just for this thing alone you'll need to go through support... though I'll predict their response, there really is no reason to stay on 5.0.x.

anilt2645
New Member

Instead of upgrading to 5.0.6 , is there any specific patch for this fix? Because package 5.0.6 will be having to many issues fixed in that version . So instead of taking all the changes looking for specific fix.

Could you please help us on same.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

Splunk does not issue generally available specific tiny patches for specific issues. Maintenance releases are cumulative. You REALLY should be working toward getting onto modern versions of the product. Soon, 5.0 will be out of support entirely.

Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...