CVE-2014-5197

medium

Description

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.

References

http://www.splunk.com/view/SP-CAAAM9H

http://www.securitytracker.com/id/1030690

http://secunia.com/advisories/59940

Details

Source: Mitre, NVD

Published: 2014-08-12

Updated: 2014-08-13

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N