Splunk <9.0.5/8.2.11/8.1.14 & Cloud <9.0.2303.100: HTTP Resp Splitting REST SPL
CVE-2023-32708 Published on June 1, 2023
HTTP Response Splitting via the ‘rest’ SPL Command
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the rest SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
Weakness Type
What is an HTTP Response Splitting Vulnerability?
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
CVE-2023-32708 has been classified as an HTTP Response Splitting vulnerability or weakness.
Affected Versions
Splunk Enterprise:
- 8.1 versions below 8.1.14 are affected.
- 8.2 versions below 8.2.11 are affected.
- 9.0 versions below 9.0.5 are affected.
Splunk Cloud Platform:
- Versions below 9.0.2303.100 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.