CVE-2016-10126
Severity: critical
CVSS v3: 9.8
CVSS v2: 10.0
VIR risk: 9.8
Description
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://www.splunk.com/view/SP-CAAAPSR
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| splunk | splunk | 5.0.0 | |
| splunk | splunk | 5.0.1 | |
| splunk | splunk | 5.0.2 | |
| splunk | splunk | 5.0.3 | |
| splunk | splunk | 5.0.4 | |
| splunk | splunk | 5.0.5 | |
| splunk | splunk | 5.0.6 | |
| splunk | splunk | 5.0.7 | |
| splunk | splunk | 5.0.8 | |
| splunk | splunk | 5.0.9 | |
| splunk | splunk | 5.0.10 | |
| splunk | splunk | 5.0.11 | |
| splunk | splunk | 5.0.12 | |
| splunk | splunk | 5.0.13 | |
| splunk | splunk | 5.0.14 | |
| splunk | splunk | 5.0.15 | |
| splunk | splunk | 5.0.16 | |
| splunk | splunk | 6.0.0 | |
| splunk | splunk | 6.0.1 | |
| splunk | splunk | 6.0.2 | |
| splunk | splunk | 6.0.3 | |
| splunk | splunk | 6.0.4 | |
| splunk | splunk | 6.0.5 | |
| splunk | splunk | 6.0.6 | |
| splunk | splunk | 6.0.7 | |
| splunk | splunk | 6.0.8 | |
| splunk | splunk | 6.0.9 | |
| splunk | splunk | 6.0.10 | |
| splunk | splunk | 6.0.11 | |
| splunk | splunk | 6.0.12 | |
| splunk | splunk | 6.1.0 | |
| splunk | splunk | 6.1.1 | |
| splunk | splunk | 6.1.2 | |
| splunk | splunk | 6.1.3 | |
| splunk | splunk | 6.1.4 | |
| splunk | splunk | 6.1.5 | |
| splunk | splunk | 6.1.6 | |
| splunk | splunk | 6.1.7 | |
| splunk | splunk | 6.1.8 | |
| splunk | splunk | 6.1.9 | |
| splunk | splunk | 6.1.10 | |
| splunk | splunk | 6.1.11 | |
| splunk | splunk | 6.2.0 | |
| splunk | splunk | 6.2.1 | |
| splunk | splunk | 6.2.2 | |
| splunk | splunk | 6.2.3 | |
| splunk | splunk | 6.2.4 | |
| splunk | splunk | 6.2.5 | |
| splunk | splunk | 6.2.6 | |
| splunk | splunk | 6.2.7 | |
| splunk | splunk | 6.2.8 | |
| splunk | splunk | 6.2.9 | |
| splunk | splunk | 6.2.10 | |
| splunk | splunk | 6.2.11 | |
| splunk | splunk | 6.3.0 | |
| splunk | splunk | 6.3.1 | |
| splunk | splunk | 6.3.2 | |
| splunk | splunk | 6.3.3 | |
| splunk | splunk | 6.3.4 | |
| splunk | splunk | 6.3.5 | |
| splunk | splunk | 6.3.6 | |
| splunk | splunk | 6.3.7 | |
| splunk | splunk | 6.4.0 | |
| splunk | splunk | 6.4.1 | |
| splunk | splunk | 6.4.2 | |
| splunk | splunk | 6.4.3 | |
References
CWEs
CWE-264