Lucene search

[email protected]CVE-2016-10126

HistoryJan 10, 2017 - 11:59 a.m.

CVE-2016-10126

2017-01-1011:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2016-10126

splunk web

splunk enterprise

http request injection

rest api

authentication-token

spl-128840

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.

Affected configurations

NVD

Node

splunksplunkMatch5.0.0enterprise

splunksplunkMatch5.0.1enterprise

splunksplunkMatch5.0.2enterprise

splunksplunkMatch5.0.3enterprise

splunksplunkMatch5.0.4enterprise

splunksplunkMatch5.0.5enterprise

splunksplunkMatch5.0.6enterprise

splunksplunkMatch5.0.7enterprise

splunksplunkMatch5.0.8enterprise

splunksplunkMatch5.0.9enterprise

splunksplunkMatch5.0.10enterprise

splunksplunkMatch5.0.11enterprise

splunksplunkMatch5.0.12enterprise

splunksplunkMatch5.0.13enterprise

splunksplunkMatch5.0.14enterprise

splunksplunkMatch5.0.15enterprise

splunksplunkMatch5.0.16enterprise

Node

splunksplunkMatch6.0.0enterprise

splunksplunkMatch6.0.1enterprise

splunksplunkMatch6.0.2enterprise

splunksplunkMatch6.0.3enterprise

splunksplunkMatch6.0.4enterprise

splunksplunkMatch6.0.5enterprise

splunksplunkMatch6.0.6enterprise

splunksplunkMatch6.0.7enterprise

splunksplunkMatch6.0.8enterprise

splunksplunkMatch6.0.9enterprise

splunksplunkMatch6.0.10enterprise

splunksplunkMatch6.0.11enterprise

splunksplunkMatch6.0.12enterprise

Node

splunksplunkMatch6.1.0enterprise

splunksplunkMatch6.1.1enterprise

splunksplunkMatch6.1.2enterprise

splunksplunkMatch6.1.3enterprise

splunksplunkMatch6.1.4enterprise

splunksplunkMatch6.1.5enterprise

splunksplunkMatch6.1.6enterprise

splunksplunkMatch6.1.7enterprise

splunksplunkMatch6.1.8enterprise

splunksplunkMatch6.1.9enterprise

splunksplunkMatch6.1.10enterprise

splunksplunkMatch6.1.11enterprise

Node

splunksplunkMatch6.2.0enterprise

splunksplunkMatch6.2.1enterprise

splunksplunkMatch6.2.2enterprise

splunksplunkMatch6.2.3enterprise

splunksplunkMatch6.2.4enterprise

splunksplunkMatch6.2.5enterprise

splunksplunkMatch6.2.6enterprise

splunksplunkMatch6.2.7enterprise

splunksplunkMatch6.2.8enterprise

splunksplunkMatch6.2.9enterprise

splunksplunkMatch6.2.10enterprise

splunksplunkMatch6.2.11enterprise

Node

splunksplunkMatch6.3.0enterprise

splunksplunkMatch6.3.1enterprise

splunksplunkMatch6.3.2enterprise

splunksplunkMatch6.3.3enterprise

splunksplunkMatch6.3.4enterprise

splunksplunkMatch6.3.5enterprise

splunksplunkMatch6.3.6enterprise

splunksplunkMatch6.3.7enterprise

Node

splunksplunkMatch6.4.0enterprise

splunksplunkMatch6.4.1enterprise

splunksplunkMatch6.4.2enterprise

splunksplunkMatch6.4.3enterprise

CPENameOperatorVersion
splunk:splunksplunkeq5.0.0
splunk:splunksplunkeq5.0.1
splunk:splunksplunkeq5.0.2
splunk:splunksplunkeq5.0.3
splunk:splunksplunkeq5.0.4
splunk:splunksplunkeq5.0.5
splunk:splunksplunkeq5.0.6
splunk:splunksplunkeq5.0.7
splunk:splunksplunkeq5.0.8
splunk:splunksplunkeq5.0.9

CPE	Name	Operator	Version
splunk:splunk	splunk	eq	5.0.0
splunk:splunk	splunk	eq	5.0.1
splunk:splunk	splunk	eq	5.0.2
splunk:splunk	splunk	eq	5.0.3
splunk:splunk	splunk	eq	5.0.4
splunk:splunk	splunk	eq	5.0.5
splunk:splunk	splunk	eq	5.0.6
splunk:splunk	splunk	eq	5.0.7
splunk:splunk	splunk	eq	5.0.8
splunk:splunk	splunk	eq	5.0.9

Rows per page:

1-10 of 171

References

www.securityfocus.com/bid/95412

www.splunk.com/view/SP-CAAAPSR

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2016-10126

nvd1 openvas1 prion1 cvelist1