Security

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors

anilt2645
New Member

Hi ,

Currently we are working on Vulnerabilities listed below.

CVE-2013-6870 and CVE-2013-6998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6998

**

Could any help to find the patch for the above Vulnerable's.

Thanks & Regards,
Anil

0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

CVE-2013-6998 has been fixed in 5.0.6: https://www.splunk.com/view/SP-CAAAJCD
Based on the description of CVE-2013-6870 I'd say this has been fixed in 5.0.6 as well.

To get your environment patched you just need to upgrade to 5.0.6 or later.

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

CVE-2013-6998 has been fixed in 5.0.6: https://www.splunk.com/view/SP-CAAAJCD
Based on the description of CVE-2013-6870 I'd say this has been fixed in 5.0.6 as well.

To get your environment patched you just need to upgrade to 5.0.6 or later.

martin_mueller
SplunkTrust
SplunkTrust

5.0.6 is a couple of years old, I'd recommend upgrading to 6.4.3 - you will get many more security issues fixed, new features, improved performance, etc.

If there is a patch just for this thing alone you'll need to go through support... though I'll predict their response, there really is no reason to stay on 5.0.x.

anilt2645
New Member

Instead of upgrading to 5.0.6 , is there any specific patch for this fix? Because package 5.0.6 will be having to many issues fixed in that version . So instead of taking all the changes looking for specific fix.

Could you please help us on same.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

Splunk does not issue generally available specific tiny patches for specific issues. Maintenance releases are cumulative. You REALLY should be working toward getting onto modern versions of the product. Soon, 5.0 will be out of support entirely.

Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...