Splunk 4.1.5 addresses XXE and CSRF issues
Splunk was really cool to coordinate with by being responsive, communicative, and open. I was really impressed with their professionalism.
About the bugs:
1. XXE
XXE bugs are fun. For a good example of how XXE bugs work, I'd point at the following advisory by Chris Evans:
Note that in the above bug the XXE existed on the client, allowing an attacker to access the client's local files. In this case the XXE occurs on the server side, so your external entity can point at a resource accessible to Spunk. (Steal files off the server.)
2. CSRF (because it feels dirty to use Fortify's term "Javascript Hijacking")
Certain requests returned Javascript containing the Splunk session key. Attackers could include that script in a malicious page, and obtain the user's session key.
Their advisory is available at:
No comments:
Post a Comment