Security

Why is Security scan showing CVE-2018-11409 on Splunk 8.1.3?

ed_a
Engager

Hi all,

A security scan on our Splunk server has thrown up CVE-2018-11409. I've verified thatwe are affected -  I can access info on /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json without being logged in.

https://www.splunk.com/en_us/product-security/announcements-archive/SP-CAAAP5E.html claims this was fixed for unauthenticated users in Splunk 6.6.0+, but we're running Splunk 8.1.3 (that version info is even printed in /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json !).

Any idea why we could still be affected on Splunk 8.1.3?

Thanks

Labels (3)
Tags (2)

hdak
Observer

I solved it editing etc/system/local/restmap.conf.

0 Karma

splunkreal
Motivator

Defect SPL-128340 with the description "Change server/info protection to true by default" is solved,

Tested on V8.2.2

* If this helps, please upvote or accept solution 🙂 *
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...