CVE-2010-2504 Information

Description

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection aka SPL-31066.

Reference

http://www.splunk.com/view/SP-CAAAFGD