NVD

Id
11018  
Name
CVE-2011-4644  
Description
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2012-01-03  
Modified Date
2012-01-26  
Seq
2011-4644  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
61497 11018 CVE-2011-4644 18245  View
61498 11018 CVE-2011-4644 http://www.sec-1.com/blog/?p=233  View
61499 11018 CVE-2011-4644 http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25295 JVNDB-2012-001002 Splunk における任意のファイルを読まれる脆弱性 Splunk は、free モードが利用される場合に適切に認証を行わないため、(1) 任意のファイルを読まれる、または (2) 限定されたコマンドを実行される脆弱性が存在します。 CVE-2011-4644 52551 CVE-2011-4644 11018 9.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001002.html 2012-01-03 2012-01-05 View