CVE-2011-4644
Splunk < 4.2.5 - Unauthenticated Arbitrary File Read and Management Command Execution
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-4644. PoCs published by Gary O'Leary-Steele.
AI-analyzed exploit summary This exploit targets CVE-2011-4644, a vulnerability in Splunk that allows remote authentication bypass and potential remote code execution. The script includes functionality for brute-forcing credentials, interacting with Splunk's web and management interfaces, and leveraging session keys for further exploitation.
Description
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
Exploits (1)
This exploit targets CVE-2011-4644, a vulnerability in Splunk that allows remote authentication bypass and potential remote code execution. The script includes functionality for brute-forcing credentials, interacting with Splunk's web and management interfaces, and leveraging session keys for further exploitation.