Unrated severityNVD Advisory· Published Aug 7, 2014· Updated Jun 17, 2026
CVE-2013-6771
CVE-2013-6771
Description
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*range: <=5.0.4
- cpe:2.3:a:splunk:splunk:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk:5.0.3:*:*:*:*:*:*:*
- (no CPE)range: <5.0.5
Patches
Vulnerability mechanics
References
2- www.splunk.com/view/SP-CAAAH76nvdVendor Advisory
- zerodayinitiative.com/advisories/ZDI-14-052/nvd
News mentions
0No linked articles in our index yet.