Vulnerability scanning software returned the following result for a handful of systems in my environment:
"There exists a vulnerability in the CERN web server running on this host that could allow an attacker to gain access to sensitive files on the system. Service: Splunkd CVSSv2: AV:N/AC:L/Au:P/C:N/I:N/A:N (Base Score:5.00)
Remediation Action: Filter out input such as '//' and '/./' from page requests."
Has anyone run across something similar? I'm assuming the service is needed for the Universal Forwarder, but not sure why only a few systems are reporting this vulnerability and not all. The hosts in question are running WIN2012.
