CVE-2013-6771

Splunk < 5.0.5 - Remote Command Execution via Collect Script File Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAH76
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-14-052/

Scores

EPSS 0.0406
EPSS Percentile 88.7%

Details

CWE
CWE-22
Status published
Products (5)
splunk/splunk 5.0
splunk/splunk 5.0.1
splunk/splunk 5.0.2
splunk/splunk 5.0.3
splunk/splunk < 5.0.4
Published Aug 07, 2014
Tracked Since Feb 18, 2026