×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
wuka1988
Explorer
Member since: ‎03-09-2020
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎03-09-2020
View All

Re: Information Disclosure Vulnerability - Splunk ...

by in Splunk Enterprise
‎03-10-2020 09:49 AM
2 Karma
‎03-10-2020 09:49 AM
2 Karma
Fixed it. The restmap.conf file (Splunk/etc/system/local/restmap.conf) was set to allow unauthenticated users to view system information through a REST endpoint. The stanzas should read as follows: [admin:server-info] requireAuthentication = true [admin:server-info-alias] requireAuthentication = true ... View more

Re: Information Disclosure Vulnerability - Splunk ...

by in Splunk Enterprise
‎03-10-2020 08:26 AM
‎03-10-2020 08:26 AM
Well, its not Nessus. It's a Splunk issue. I can reach this URL unauthenticated (https://<>:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json) and get the disclosed information. ... View more

Information Disclosure Vulnerability - Splunk 7.2....

by in Splunk Enterprise
‎03-09-2020 10:56 AM
‎03-09-2020 10:56 AM
I have upgraded Splunk Enterprise to 7.2.4.2 as well as the forwarder. However, the Splunk Information Disclosure Vulnerability remains an issue. I can reach this URL unathenticated (https://<>:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json) and receive the disclosed server info. The upgrade should've resolved it per the Splunk doc. (Nessus Plug-in 121164) ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All