The Splat Bug

Splat


Splat is a critical vulnerability on 404 pages where an attacker can inject plain text which is then reflected into the page. This attack vector is more commonly known as "content injection on 404 pages". Please note, we are still reaching out to vendors and will update this website when we have more information on how many people have been affected by this vulnerability.

Q&A

How many websites are affected by this issue?

Our research concluded that roughly 50% of all tested websites are affected by this vulnerability. We tested google.com and reddit.com, and then got distracted.

How can I protect myself from this vulnerability?

We highly recommend changing your 404 pages to 405 -- that would prevent content injection on 404 pages.

Why is it called the Splat Bug?

Good question.

Am I affected by the bug?

Depends on how gullible you are.

Can I detect if someone has exploited this against me?

Attacks usually go undetected until it is too late.

Who discovered this bug?

Nobody wants to take credit for finding this bug for some unknown reason.
