Solved: A reflected XSS vulnerability in Splunk 4.0 throug...

Hajime · ‎06-06-2013

Hi,

Does the reflected cross-site scripting vulnerability (SPL-59895, CVE-2012-6447) affect to Splunk 4.0 through 4.3?

If that versions are affected, please tell me what to do.

Thanks,

jbsplunk · ‎06-07-2013

SPL-59895 (CVE-2012-6447 reserved) is for 5.0.0-5.0.2.

The same issue in 4.3.0-4.3.5 is tracked as SPL-60629 (CVE-2013-2766) and was
fixed in 4.3.6 as announced here:

This was already answered:

Recommendation/Mitigation is to upgrade to at least 4.3.6 or 5.0.3

jbsplunk · ‎06-07-2013

SPL-59895 (CVE-2012-6447 reserved) is for 5.0.0-5.0.2.

The same issue in 4.3.0-4.3.5 is tracked as SPL-60629 (CVE-2013-2766) and was
fixed in 4.3.6 as announced here:

This was already answered:

Recommendation/Mitigation is to upgrade to at least 4.3.6 or 5.0.3

Hajime · ‎06-09-2013

Thank you for answering my questions.

A reflected XSS vulnerability in Splunk 4.0 through 4.3?