VYPR
Unrated severityNVD Advisory· Published Jun 1, 2023· Updated Feb 28, 2025

HTTP Response Splitting via the ‘rest’ SPL Command

CVE-2023-32708

Description

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Splunk/Splunk Cloud Platformllm-fuzzy2 versions
    < 9.0.2303.100+ 1 more
    • (no CPE)range: < 9.0.2303.100
    • (no CPE)range: -
  • Splunk/Splunk Enterprisellm-fuzzy2 versions
    < 9.0.5, < 8.2.11, < 8.1.14+ 1 more
    • (no CPE)range: < 9.0.5, < 8.2.11, < 8.1.14
    • (no CPE)range: 8.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.