Initial Analysis by NIST 9:21:03 PM Action After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI to enable the remediation. In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Record truncated, showing 500 of 806 characters. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI ( However, connections from misconfigured nodes without valid certificates did not fail by default. Splunk peer communications configured properly with valid certificates were not vulnerable. View Entire Change Record In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Record truncated, showing 500 of 659 characters. Please address comments about this page to Vendor AdvisoryĬVE Modified by Splunk Inc. Further, NIST does notĮndorse any commercial products that may be mentioned on Not necessarily endorse the views expressed, or concur with Sites that are more appropriate for your purpose. Inferences should be drawn on account of other sites being Splunk is a search engine and analytic environment that uses a distributed map-reduce architecture to efficiently index, search and process large time-varying data sets. May have information that would be of interest to you. Version 1.9.5 The Splunk Software Development Kit (SDK) for Java contains library code and examples designed to enable developers to build applications using Splunk. We have provided these links to other web sites because they References to Advisories, Solutions, and Toolsīy selecting these links, you will be leaving NIST webspace.
0 Comments
Leave a Reply. |