Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Security Finding

khusain_splunk
Splunk Employee
Splunk Employee
‎03-31-2019 03:14 AM

Hi,

Please update us if the HTTP OPTIONS can be disabled? What are the affected ports?

Vulnerability Name: HTTP OPTIONS Method Enabled
Description: Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.
Remediation: Disable HTTP OPTIONS method on the web server.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎03-31-2019 06:58 PM

You have not given us the source of this report. We have no reason to believe that it is accurate and we do not have enough details about what they think the vulnerability is to help you mitigate. Why did you not post ALL of the details, including the link to this claim?

0 Karma
Reply

khusain_splunk
Splunk Employee
Splunk Employee
‎03-31-2019 03:15 AM

Hi,

At the moment, the OPTIONS HTTP method cannot be disabled on the Splunk server (tcp/8089). It is enabled for Cross-Origin Resource Sharing (CORS) purpose. However, there are ways to handle this outside of Splunk. You can simply run an Apache or Nginx server to block requests from clients with OPTIONS HTTP method.

It seems to me that an attacker could just an easily try all HTTP methods to see which ones respond; thus blocking this one method seems unlikely to reduce risk much.

You can try changing the port 8089 to something else.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

💌Keep the new year’s momentum going with our February lineup of Community Office Hours, Tech Talks, ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...