CVE-2011-4642

Splunk - Remote Command Execution

Severity Score

4.6
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: High
Authentication: Single
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2011-11-30 CVE Reserved
  • 2011-12-15 CVE Published
  • 2011-12-15 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-08-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor   Product   Version   Other   Status
Splunk   Splunk    4.2       -       Affected
Splunk   Splunk    4.2.1     -       Affected
Splunk   Splunk    4.2.2     -       Affected
Splunk   Splunk    4.2.3     -       Affected
Splunk   Splunk    4.2.4     -       Affected