Re: CVE-2018-11409 on Splunk 8.1.3

ed_a · ‎07-07-2021

Hi all,

A security scan on our Splunk server has thrown up CVE-2018-11409. I've verified thatwe are affected - I can access info on /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json without being logged in.

https://www.splunk.com/en_us/product-security/announcements-archive/SP-CAAAP5E.html claims this was fixed for unauthenticated users in Splunk 6.6.0+, but we're running Splunk 8.1.3 (that version info is even printed in /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json !).

Any idea why we could still be affected on Splunk 8.1.3?

Thanks

dimmi_dg · ‎03-20-2025

We have the same issue after scanning on Version: 9.4.0

How can we fix it?

Thank you

hdak · ‎07-16-2022

I solved it editing etc/system/local/restmap.conf.

splunkreal · ‎03-14-2022

Defect SPL-128340 with the description "Change server/info protection to true by default" is solved,

Tested on V8.2.2

* If this helps, please upvote or accept solution if it solved *

Why is Security scan showing CVE-2018-11409 on Splunk 8.1.3?

access control

authentication

permissions

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?