A vulnerability has be found in Splunk 4.0 - 4.3 that allows partial confidentiality and integrity violation, when a user click on a specifically crafted link that can disclose sensitive information to the attacker. Splunk recommend consumers upgrade to version 4.3.1 and to follow its hardening standard [3] to mitigate the risk of exploitation. [1] http://www.splunk.com/view/SP-CAAAGTK ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu |
Guy 523 Posts ISC Handler Mar 7th 2012 |
Thread locked Subscribe |
Mar 7th 2012 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!