- Description
- Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
- Source
- cve@mitre.org
- NVD status
- Modified
- Products
- splunk
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B38D97E5-7CE5-41D8-8A86-C4AB3795BA04",
"versionEndIncluding": "5.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C505FC5B-E1FB-45F6-8AE9-B6AB85D8B8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD5CA90-779D-4A29-B763-D26F2EDA57E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF23AA2D-DE4A-4E23-A7F1-557668D393BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68651DCE-E568-4929-851F-CC2724E4E8D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]