CVE-2013-7337

critical

Description

Splunk version 6.0.1 addresses the following vulnerability: Malformed network input crashes Splunk Enterprise (SPL-75668, CVE-2013-7337) At the time of this announcement, Splunk is not aware of any cases where this vulnerability has been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there is no CVE Identifier listed with the vulnerability, it will be added once it is assigned by a CVE Numbering Authority. To standardize the calculation of severity scores for each vulnerability, when appropriate, Splunk uses Common Vulnerability Scoring System version 2.

Details

Source: Mitre, NVD

Published: 2013-12-17

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: Critical