- CVEs with nessus.description==According to its version number, the Splunk Enterprise hosted on the
remote web server is 5.0.x prior to 5.0.10 or 6.1.x prior to 6.1.4. It
is, therefore, affected by the following vulnerabilities:
- The included OpenSSL library contains a TLS downgrade
weakness. By using fragmented ClientHello messages, a
remote man-in-the-middle attacker can force downgrading
to TLS 1.0. (CVE-2014-3511)
- A cross-site scripting flaw exists due to improper
validation of user-supplied input to the HTTP referrer
header. A remote attacker can exploit this, using a
specially crafted request, to execute arbitrary script
code in the user's browser session within the trust
relationship. Note that this only affects the 5.0.x
branch. (CVE-2014-8301)
- A cross-site scripting vulnerability exists within the
Dashboard due to improper validation of user-supplied
input. A remote attacker can exploit this, using a
specially crafted request, to execute arbitrary script
code in the user's browser session within the trust
relationship. (CVE-2014-8302)
- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input when parsing
events. This allows a remote attacker, using a specially
crafted request, to execute arbitrary script code in the
user's browser session within the trust relationship.
(CVE-2014-8303)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |