ID	1090501675
Created	Feb 15, 2023
Updated	Feb 15, 2023
Severity
Default Action	pass
Active
Affected OS	All
Affected App	Other
Engine Version	5.0.0 or later

Legend

Enabled/Available
Disabled/Not Available

Update History

Date	Version	Detail
2023-02-15	0.00341

Refine Search

Threat Encyclopedia

Splunk.Enterprise.REST.Information.Disclosure

Description

This indicates an attack attempt to exploit a Information Disclosure vulnerability in Splunk Enterprise.
The vulnerability is due to an error when handling crafted HTTP reqeust. A remote attacker can exploit this vulnerability by sending crafted HTTP request. Successful exploitation could result in the disclosure of sensitive information which may be used to further compromise the target system.

Affected Products

Splunk Enterprise versions prior to 7.0.1

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.splunk.com/en_us/product-security/announcements-archive/SP-CAAAP5E.html

CVE References

CVE-2018-11409

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer