#VU15454 Improper input validation in Splunk Enterprise and Splunk Light - CVE-2018-7429
Published: October 19, 2018 / Updated: November 13, 2018
Vulnerability identifier: #VU15454
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7429
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Splunk Enterprise
Splunk Light
Splunk Enterprise
Splunk Light
Software vendor:
Splunk Inc.
Splunk Inc.
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to an error when processing HTTP requests by the Splunkd daemon. A remote attacker can send an HTTP request that submits malicious input and cause the service to crash.
Remediation
Update Splunk Enterprise to 6.2.14, 6.3.11, 6.4.8.
Update Splunk Light to version 6.5.0.
Update Splunk Light to version 6.5.0.