CVE

Id
102427  
CVE No.
CVE-2017-5607  
Status
Candidate  
Description
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.  
Phase
Assigned (20170128)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
805255 102427 CVE-2017-5607 BUGTRAQ:20170401 Splunk Enterprise Information Theft CVE-2017-5607  View
805256 102427 CVE-2017-5607 URL:http://www.securityfocus.com/archive/1/archive/1/540346/100/0/threaded  View
805257 102427 CVE-2017-5607 EXPLOIT-DB:41779  View
805258 102427 CVE-2017-5607 URL:https://www.exploit-db.com/exploits/41779/  View
805259 102427 CVE-2017-5607 FULLDISC:20170330 Splunk Enterprise Information Theft - CVE-2017-5607  View
805260 102427 CVE-2017-5607 URL:http://seclists.org/fulldisclosure/2017/Mar/89  View
805261 102427 CVE-2017-5607 MISC:http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt  View
805262 102427 CVE-2017-5607 CONFIRM:https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607  View
805263 102427 CVE-2017-5607 BID:97265  View
805264 102427 CVE-2017-5607 URL:http://www.securityfocus.com/bid/97265  View
805265 102427 CVE-2017-5607 BID:97286  View
805266 102427 CVE-2017-5607 URL:http://www.securityfocus.com/bid/97286  View
805267 102427 CVE-2017-5607 SECTRACK:1038170  View

Related JVN