Security

Why is Security scan showing CVE-2018-11409 on Splunk 8.1.3?

ed_a
Engager

Hi all,

A security scan on our Splunk server has thrown up CVE-2018-11409. I've verified thatwe are affected -  I can access info on /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json without being logged in.

https://www.splunk.com/en_us/product-security/announcements-archive/SP-CAAAP5E.html claims this was fixed for unauthenticated users in Splunk 6.6.0+, but we're running Splunk 8.1.3 (that version info is even printed in /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json !).

Any idea why we could still be affected on Splunk 8.1.3?

Thanks

Labels (3)
Tags (2)

hdak
Observer

I solved it editing etc/system/local/restmap.conf.

0 Karma

splunkreal
Motivator

Defect SPL-128340 with the description "Change server/info protection to true by default" is solved,

Tested on V8.2.2

* If this helps, please upvote or accept solution if it solved *
0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...