CVE-2017-5880
MEDIUM
Splunk Enterprise 5.0.x-6.5.x and Splunk Light < 6.5.2 - Authenticated Denial of Service via Crafted GET Request
Title source: llm
Description
Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAPW8
Scores
CVSS v3
6.5
EPSS
0.0056
EPSS Percentile
68.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (50)
splunk/splunk 5.0.0
splunk/splunk 5.0.1
splunk/splunk 5.0.2
splunk/splunk 5.0.3
splunk/splunk 5.0.4
splunk/splunk 5.0.5
splunk/splunk 5.0.6
splunk/splunk 5.0.7
splunk/splunk 5.0.8
splunk/splunk 5.0.9
... and 40 more
Published
Feb 04, 2017
Tracked Since
Feb 18, 2026