fkie_nvd - fkie_cve-2010-2504

fkie_cve-2010-2504

Vulnerability from fkie_nvd

Published

2010-06-28 18:30

Modified

2025-04-11 00:51

Severity ?

Summary

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

References

▼	URL	Tags
	cve@mitre.org	http://www.splunk.com/view/SP-CAAAFGD	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.splunk.com/view/SP-CAAAFGD	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
splunk	splunk	4.0
splunk	splunk	4.0.1
splunk	splunk	4.0.2
splunk	splunk	4.0.3
splunk	splunk	4.0.4
splunk	splunk	4.0.5
splunk	splunk	4.0.6
splunk	splunk	4.0.7
splunk	splunk	4.0.8
splunk	splunk	4.0.9
splunk	splunk	4.0.10
splunk	splunk	4.1
splunk	splunk	4.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FCFC155-E9C9-4AE3-9CB8-D2244B9E0269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "368E31F0-E8F2-459E-B78E-EEC3AB544669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCB0EF9-08B5-4B91-876D-2C7CF7880AF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1709D44B-DC91-4BCC-982F-7BE361A09FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62042A83-23C7-478A-BE5C-8C66B6FB59C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB5CDED-459E-4AF9-8747-1F58FA1950E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0705659E-3230-4C28-BA56-F1F2E8BEB83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD076DE-EBF4-4829-847A-8B20DD614414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16311C2-2BB3-42E3-BFF8-860467C10611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "07F6F485-280B-408C-A381-76807862785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "551D7F83-61DD-4333-86ED-B1D38659B76E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B16A56F-EACF-47AC-B541-2D865CC31705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96B57A4-D586-444B-BD14-311AEBC40C00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066."
    },
    {
      "lang": "es",
      "value": "Splunk v4.0 hasta v4.0.10 y v4.1 hasta v4.1.1 permite a usuarios autenticados remotos obtener informaci\u00f3n sensible a trav\u00e9s de una inyecci\u00f3n en la cabecera HTTP tambi\u00e9n conocida como SPL-31066."
    }
  ],
  "id": "CVE-2010-2504",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-28T18:30:00.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.splunk.com/view/SP-CAAAFGD"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.splunk.com/view/SP-CAAAFGD"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-2504 (GCVE-0-2010-2504)

Vulnerability from cvelistv5

Published

2010-06-28 18:06