CVE-2017-5880

MEDIUM

Splunk < 6.5.1 - Improper Input Validation

Title source: rule

Description

Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279.

References (1)

[Patch, Vendor Advisory] http://www.splunk.com/view/SP-CAAAPW8

Scores

CVSS v3 6.5

EPSS 0.0056

EPSS Percentile 67.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-20

Status published

Affected Products (50)

splunk/splunk < 6.5.1

splunk/splunk

... and 35 more

Timeline

Published Feb 04, 2017

Tracked Since Feb 18, 2026