- Home
- CVEs with nessus.description==According to its version number, the Splunk Enterprise hosted on the
remote web server is 6.0.x prior to 6.0.6. It is, therefore, affected
by the following vulnerabilities :
- The included OpenSSL library contains a TLS downgrade
weakness. By using fragmented ClientHello messages, a
remote, man-in-the-middle attacker can force a downgrade
to TLS 1.0. (CVE-2014-3511)
- A cross-site scripting vulnerability exists due to
improper validation of user-supplied input when parsing
events. This allows a remote attacker, using a specially
crafted request, to execute arbitrary script code in the
user's browser session within the trust relationship.
(CVE-2014-8303)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top