CVE-2014-5197 Information

Description

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI related to search ids.

Reference

http://secunia.com/advisories/59940 http://www.securitytracker.com/id/1030690 http://www.splunk.com/view/SP-CAAAM9H