CVE-2010-2504 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2010-2504

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.

Affected Software

Name	Vendor	Start Version	End Version
Splunk	Splunk	4.0 (including)	4.0 (including)
Splunk	Splunk	4.0.1 (including)	4.0.1 (including)
Splunk	Splunk	4.0.2 (including)	4.0.2 (including)
Splunk	Splunk	4.0.3 (including)	4.0.3 (including)
Splunk	Splunk	4.0.4 (including)	4.0.4 (including)
Splunk	Splunk	4.0.5 (including)	4.0.5 (including)
Splunk	Splunk	4.0.6 (including)	4.0.6 (including)
Splunk	Splunk	4.0.7 (including)	4.0.7 (including)
Splunk	Splunk	4.0.8 (including)	4.0.8 (including)
Splunk	Splunk	4.0.9 (including)	4.0.9 (including)
Splunk	Splunk	4.0.10 (including)	4.0.10 (including)

References

http://www.splunk.com/view/SP-CAAAFGD
http://www.splunk.com/view/SP-CAAAFGD