Vulnerability Description
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | 4.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/47232
- http://www.exploit-db.com/exploits/18245/Exploit
- http://www.sec-1.com/blog/?p=233Exploit
- http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdExploit
- http://www.securitytracker.com/id?1026451
- http://www.splunk.com/view/SP-CAAAGMMVendor Advisory
- http://secunia.com/advisories/47232
- http://www.exploit-db.com/exploits/18245/Exploit
- http://www.sec-1.com/blog/?p=233Exploit
- http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdExploit
- http://www.securitytracker.com/id?1026451
- http://www.splunk.com/view/SP-CAAAGMMVendor Advisory
FAQ
What is CVE-2011-4642?
CVE-2011-4642 is a vulnerability with a CVSS score of 4.6 (MEDIUM). mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary ...
How severe is CVE-2011-4642?
CVE-2011-4642 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4642?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk.