HTTP Request Injection Vulnerability in Splunk Web

HTTP Request Injection Vulnerability in Splunk Web

CVE-2016-10126 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.

Learn more about our Web App Pen Testing.