- Home
- CVEs with nessus.description==According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.6. It is, therefore, affected by the following vulnerabilities :
- The included OpenSSL library contains a TLS downgrade weakness. By using fragmented ClientHello messages, a remote, man-in-the-middle attacker can force a downgrade to TLS 1.0. (CVE-2014-3511)
- A cross-site scripting vulnerability exists due to improper validation of user-supplied input when parsing events. This allows a remote attacker, using a specially crafted request, to execute arbitrary script code in the user's browser session within the trust relationship.
(CVE-2014-8303)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top