Vulnerability Details : CVE-2016-10126
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.
Exploit prediction scoring system (EPSS) score for CVE-2016-10126
Probability of exploitation activity in the next 30 days: 0.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-10126
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-10126
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10126
-
https://www.splunk.com/view/SP-CAAAPSR
Splunk Enterprise 6.5.0, 6.4.4, 6.3.8, 6.2.12, 6.1.12, 6.0.13, and 5.0.17 address multiple vulnerabilities | SplunkMitigation;Vendor Advisory
-
http://www.securityfocus.com/bid/95412
Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability
Products affected by CVE-2016-10126
- cpe:2.3:a:splunk:splunk:6.1.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.12:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.10:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.9:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.11:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.13:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.14:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.15:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.16:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.9:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.10:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.11:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.0.12:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.11:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.9:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.1.10:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.10:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.11:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.2.9:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.7:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.5:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.6:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.1:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.3.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.4.2:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.4.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.4.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:splunk:splunk:6.4.1:*:*:*:enterprise:*:*:*