CVE-2011-4642

Splunk - CSRF

Description

mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.

Exploits (2)

exploit-db (working PoC, verified) by Gary O'Leary-Steele; tags: python, remote, multiple
https://www.exploit-db.com/exploits/18245
Metasploit module (working PoC, ranking: excellent) by Gary O'Leary-Steele (credited for vulnerability discovery and exploit); tags: ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/splunk_mappy_exec.rb

Scores

EPSS 0.1869
EPSS Percentile 95.3%

Details

CWE
CWE-352
Status published
Products (5)
splunk/splunk 4.2
splunk/splunk 4.2.1
splunk/splunk 4.2.2
splunk/splunk 4.2.3
splunk/splunk 4.2.4
Published Jan 03, 2012
Tracked Since Feb 18, 2026