CVE-2017-5880 Information

Description

Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2 6.4.x before 6.4.5 6.3.x before 6.3.9 6.2.x before 6.2.13 6.1.x before 6.1.12 6.0.x before 6.0.13 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request aka SPL-130279.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.splunk.com/view/SP-CAAAPW8

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5