What is the severity of CVE-2015-6515?

CVE-2015-6515 is considered a medium severity vulnerability due to the potential for remote cross-site scripting attacks.

How do I fix CVE-2015-6515?

To fix CVE-2015-6515, update Splunk to version 6.2.4 or later, or to 6.1.8, 6.0.9, or 5.0.13 for the respective older versions.

What types of attacks can be executed through CVE-2015-6515?

CVE-2015-6515 allows attackers to inject arbitrary web scripts or HTML through manipulated headers.

Which versions of Splunk are affected by CVE-2015-6515?

CVE-2015-6515 affects Splunk Enterprise versions prior to 6.2.4, 6.1.8, 6.0.9, and 5.0.13, as well as Splunk Light prior to 6.2.4.

Is CVE-2015-6515 easily exploitable?

CVE-2015-6515 is easily exploitable as it allows remote attackers to execute XSS attacks without requiring authentication.

Vulnerability/
CVE-2015-6515

medium

4.3

CWE

18/8/2015

16/9/2024

CVE-2015-6515: XSS

First published: Tue Aug 18 2015(Updated: )

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Splunk	=5.0.0
Splunk	=5.0.1
Splunk	=5.0.2
Splunk	=5.0.3
Splunk	=5.0.4
Splunk	=5.0.5
Splunk	=5.0.6
Splunk	=5.0.7
Splunk	=5.0.8
Splunk	=5.0.9
Splunk	=5.0.10
Splunk	=5.0.11
Splunk	=5.0.12
Splunk	=6.0.0
Splunk	=6.0.1
Splunk	=6.0.2
Splunk	=6.0.3
Splunk	=6.0.4
Splunk	=6.0.5
Splunk	=6.0.6
Splunk	=6.0.7
Splunk	=6.0.8
Splunk	=6.1.0
Splunk	=6.1.1
Splunk	=6.1.2
Splunk	=6.1.3
Splunk	=6.1.4
Splunk	=6.1.5
Splunk	=6.1.6
Splunk	=6.1.7
Splunk	=6.2.0
Splunk	=6.2.0
Splunk	=6.2.1
Splunk	=6.2.1
Splunk	=6.2.2
Splunk	=6.2.2
Splunk	=6.2.3
Splunk	=6.2.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6515?
CVE-2015-6515 is considered a medium severity vulnerability due to the potential for remote cross-site scripting attacks.
How do I fix CVE-2015-6515?
To fix CVE-2015-6515, update Splunk to version 6.2.4 or later, or to 6.1.8, 6.0.9, or 5.0.13 for the respective older versions.
What types of attacks can be executed through CVE-2015-6515?
CVE-2015-6515 allows attackers to inject arbitrary web scripts or HTML through manipulated headers.
Which versions of Splunk are affected by CVE-2015-6515?
CVE-2015-6515 affects Splunk Enterprise versions prior to 6.2.4, 6.1.8, 6.0.9, and 5.0.13, as well as Splunk Light prior to 6.2.4.
Is CVE-2015-6515 easily exploitable?
CVE-2015-6515 is easily exploitable as it allows remote attackers to execute XSS attacks without requiring authentication.

agent/references
agent/type
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/splunk
canonical/splunk
version/splunk/5.0.0
version/splunk/5.0.1
version/splunk/5.0.2
version/splunk/5.0.3
version/splunk/5.0.4
version/splunk/5.0.5
version/splunk/5.0.6
version/splunk/5.0.7
version/splunk/5.0.8
version/splunk/5.0.9
version/splunk/5.0.10
version/splunk/5.0.11
version/splunk/5.0.12
version/splunk/6.0.0
version/splunk/6.0.1
version/splunk/6.0.2
version/splunk/6.0.3
version/splunk/6.0.4
version/splunk/6.0.5
version/splunk/6.0.6
version/splunk/6.0.7
version/splunk/6.0.8
version/splunk/6.1.0
version/splunk/6.1.1
version/splunk/6.1.2
version/splunk/6.1.3
version/splunk/6.1.4
version/splunk/6.1.5
version/splunk/6.1.6
version/splunk/6.1.7
version/splunk/6.2.0
version/splunk/6.2.1
version/splunk/6.2.2
version/splunk/6.2.3