cnvd - cnvd-2017-05115

cnvd-2017-05115

Vulnerability from cnvd

Title: Splunk Enterprise和Light信息泄露漏洞

Description:

Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析机器产生的数据，包括所有IT系统和基础结构（物理、虚拟和云）生成的数据。Splunk Enterprise是一个企业版。Splunk Light是一套专为小型IT环境而设计的自动日志检索与分析解决方案。

Splunk Enterprise和Light中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: Splunk Enterprise和Light信息泄露漏洞的补丁

Patch Description:

Splunk Enterprise和Light中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.splunk.com/view/SP-CAAAPZ3

Reference: https://www.exploit-db.com/exploits/41779/

Impacted products

Name
['Splunk Enterprise 6.5.，<6.5.3', 'Splunk Enterprise 6.4.，<6.4.6', 'Splunk Enterprise 6.3.，<6.3.10', 'Splunk Enterprise 6.2.，<6.2.13.1', 'Splunk Enterprise 6.1.，<6.1.13', 'Splunk Enterprise 6.0.，<6.0.14', 'Splunk Enterprise 5.0.*，<5.0.18', 'Splunk Light <6.5.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5607"
    }
  },
  "description": "Splunk\u662f\u7f8e\u56fdSplunk\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6536\u96c6\u5206\u6790\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u6536\u96c6\u3001\u7d22\u5f15\u548c\u5206\u6790\u673a\u5668\u4ea7\u751f\u7684\u6570\u636e\uff0c\u5305\u62ec\u6240\u6709IT\u7cfb\u7edf\u548c\u57fa\u7840\u7ed3\u6784\uff08\u7269\u7406\u3001\u865a\u62df\u548c\u4e91\uff09\u751f\u6210\u7684\u6570\u636e\u3002Splunk Enterprise\u662f\u4e00\u4e2a\u4f01\u4e1a\u7248\u3002Splunk Light\u662f\u4e00\u5957\u4e13\u4e3a\u5c0f\u578bIT\u73af\u5883\u800c\u8bbe\u8ba1\u7684\u81ea\u52a8\u65e5\u5fd7\u68c0\u7d22\u4e0e\u5206\u6790\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSplunk Enterprise\u548cLight\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "John Page (hyp3rlinx)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.splunk.com/view/SP-CAAAPZ3",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05115",
  "openTime": "2017-04-23",
  "patchDescription": "Splunk\u662f\u7f8e\u56fdSplunk\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u6536\u96c6\u5206\u6790\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u6536\u96c6\u3001\u7d22\u5f15\u548c\u5206\u6790\u673a\u5668\u4ea7\u751f\u7684\u6570\u636e\uff0c\u5305\u62ec\u6240\u6709IT\u7cfb\u7edf\u548c\u57fa\u7840\u7ed3\u6784\uff08\u7269\u7406\u3001\u865a\u62df\u548c\u4e91\uff09\u751f\u6210\u7684\u6570\u636e\u3002Splunk Enterprise\u662f\u4e00\u4e2a\u4f01\u4e1a\u7248\u3002Splunk Light\u662f\u4e00\u5957\u4e13\u4e3a\u5c0f\u578bIT\u73af\u5883\u800c\u8bbe\u8ba1\u7684\u81ea\u52a8\u65e5\u5fd7\u68c0\u7d22\u4e0e\u5206\u6790\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSplunk Enterprise\u548cLight\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Splunk Enterprise\u548cLight\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Splunk Enterprise 6.5.*\uff0c\u003c6.5.3",
      "Splunk Enterprise 6.4.*\uff0c\u003c6.4.6",
      "Splunk Enterprise 6.3.*\uff0c\u003c6.3.10",
      "Splunk Enterprise 6.2.*\uff0c\u003c6.2.13.1",
      "Splunk Enterprise 6.1.*\uff0c\u003c6.1.13",
      "Splunk Enterprise 6.0.*\uff0c\u003c6.0.14",
      "Splunk Enterprise 5.0.*\uff0c\u003c5.0.18",
      "Splunk Light \u003c6.5.2"
    ]
  },
  "referenceLink": "https://www.exploit-db.com/exploits/41779/",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-01",
  "title": "Splunk Enterprise\u548cLight\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-5607 (GCVE-0-2017-5607)

Vulnerability from cvelistv5

Published

2017-04-10 15:00

Modified

2024-08-05 15:04

Severity ?

CWE

Summary

Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1038170	vdb-entry, x_refsource_SECTRACK
	https://www.exploit-db.com/exploits/41779/	exploit, x_refsource_EXPLOIT-DB
	http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt	x_refsource_MISC
	http://www.securityfocus.com/bid/97286	vdb-entry, x_refsource_BID
	http://seclists.org/fulldisclosure/2017/Mar/89	mailing-list, x_refsource_FULLDISC
	https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/540346/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/97265	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:15.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038170",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038170"
          },
          {
            "name": "41779",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41779/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt"
          },
          {
            "name": "97286",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97286"
          },
          {
            "name": "20170330 Splunk Enterprise Information Theft - CVE-2017-5607",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Mar/89"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607"
          },
          {
            "name": "20170401 Splunk Enterprise Information Theft CVE-2017-5607",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540346/100/0/threaded"
          },
          {
            "name": "97265",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97265"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038170",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038170"
        },
        {
          "name": "41779",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41779/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt"
        },
        {
          "name": "97286",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97286"
        },
        {
          "name": "20170330 Splunk Enterprise Information Theft - CVE-2017-5607",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Mar/89"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607"
        },
        {
          "name": "20170401 Splunk Enterprise Information Theft CVE-2017-5607",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540346/100/0/threaded"
        },
        {
          "name": "97265",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97265"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace, which might allow remote attackers to obtain sensitive logged-in username and version-related information via a crafted webpage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038170",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038170"
            },
            {
              "name": "41779",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41779/"
            },
            {
              "name": "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt",
              "refsource": "MISC",
              "url": "http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt"
            },
            {
              "name": "97286",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97286"
            },
            {
              "name": "20170330 Splunk Enterprise Information Theft - CVE-2017-5607",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Mar/89"
            },
            {
              "name": "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/view/SP-CAAAPZ3#InformationLeakageviaJavaScriptCVE20175607"
            },
            {
              "name": "20170401 Splunk Enterprise Information Theft CVE-2017-5607",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540346/100/0/threaded"
            },
            {
              "name": "97265",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97265"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5607",
    "datePublished": "2017-04-10T15:00:00",
    "dateReserved": "2017-01-28T00:00:00",
    "dateUpdated": "2024-08-05T15:04:15.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted