CVE-2011-4642

Published Jan 3, 2012

Last updated 12 years ago

Overview

Description
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
Source
cve@mitre.org
NVD status
Modified

Social media

Hype score
Not currently trending

Risk scores

CVSS 2.0

Type
Primary
Base score
4.6
Impact score
6.4
Exploitability score
3.9
Vector string
AV:N/AC:H/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-352

Configurations