CVE-2010-3323
Splunk 4.0.0-4.1.4 - Session Hijacking via SPLUNKD_SESSION_KEY Parameter
Title source: llmDescription
Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session hijacking attacks and obtain the splunkd session key via vectors related to the SPLUNKD_SESSION_KEY parameter.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAFQ6
Scores
EPSS
0.0039
EPSS Percentile
60.3%
Details
Status
published
Products (17)
splunk/splunk
4.0
splunk/splunk
4.0.1
splunk/splunk
4.0.2
splunk/splunk
4.0.3
splunk/splunk
4.0.4
splunk/splunk
4.0.5
splunk/splunk
4.0.6
splunk/splunk
4.0.7
splunk/splunk
4.0.8
splunk/splunk
4.0.9
... and 7 more
Published
Sep 14, 2010
Tracked Since
Feb 18, 2026