Monitoring Splunk

Splunk Security Finding

khusain_splunk
Splunk Employee
Splunk Employee

Hi,

Please update us if the HTTP OPTIONS can be disabled? What are the affected ports?

Vulnerability Name: HTTP OPTIONS Method Enabled
Description: Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.
Remediation: Disable HTTP OPTIONS method on the web server.

Tags (1)
0 Karma

woodcock
Esteemed Legend

You have not given us the source of this report. We have no reason to believe that it is accurate and we do not have enough details about what they think the vulnerability is to help you mitigate. Why did you not post ALL of the details, including the link to this claim?

0 Karma

khusain_splunk
Splunk Employee
Splunk Employee

Hi,

At the moment, the OPTIONS HTTP method cannot be disabled on the Splunk server (tcp/8089). It is enabled for Cross-Origin Resource Sharing (CORS) purpose. However, there are ways to handle this outside of Splunk. You can simply run an Apache or Nginx server to block requests from clients with OPTIONS HTTP method.

It seems to me that an attacker could just an easily try all HTTP methods to see which ones respond; thus blocking this one method seems unlikely to reduce risk much.

You can try changing the port 8089 to something else.

0 Karma
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...