CVE-2023-32708
EUVD-2023-3693501.06.2023, 17:15
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| splunk | splunk | 8.1.0 ≤ 𝑥 < 8.1.14 |
| splunk | splunk | 8.2.0 ≤ 𝑥 < 8.2.11 |
| splunk | splunk | 9.0.0 ≤ 𝑥 < 9.0.5 |
| splunk | splunk_cloud_platform | 𝑥 < 9.0.2303.100 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')The software receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
- CWE-436 - Interpretation ConflictProduct A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.