CVE-2013-1871: Red Hat Customer Portal - Access to 24x7 support and knowledge

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

Issued: 2014-02-10

Updated: 2014-02-10

RHSA-2014:0148 - Security Advisory

Synopsis

Moderate: spacewalk-java, spacewalk-web and satellite-branding security update

Type/Severity

Security Advisory: Moderate

Topic

Updated spacewalk-java, spacewalk-web, and satellite-branding packages that
fix multiple security issues are now available for Red Hat Satellite 5.6.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, remote management and
monitoring of multiple Linux deployments with a single, centralized tool.

A cross-site scripting (XSS) flaw was found in the way the Red Hat
Satellite web interface performed sanitization of notes for registered
systems. A remote authenticated Red Hat Satellite user could create a
malicious note that, when viewed by a victim, could execute arbitrary web
script with the privileges of the user viewing that note. (CVE-2012-6149)

Multiple cross-site scripting (XSS) flaws were found in the Red Hat
Satellite web interface. A remote attacker could provide a specially
crafted link that, when visited by an authenticated Red Hat Satellite user,
would lead to arbitrary web script execution in the context of the user’s
web interface session. (CVE-2013-1871, CVE-2013-4415)

An HTTP header injection flaw was found in the way the Red Hat Satellite
web interface processed the return URL parameter for all HTTP GET requests.
A remote attacker could use this flaw to conduct cross-site scripting (XSS)
and HTTP response splitting attacks against users visiting the site.
(CVE-2013-1869)
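
The return-URL flaw described above (CVE-2013-1869) belongs to the class where a request parameter is copied into a response header. The Python below is an added illustration of that class and of a strict validator, not Satellite's code or Red Hat's patch; the function names are hypothetical and the sample inputs are constructed.

```python
from urllib.parse import unquote

def safe_return_url(raw, default="/"):
    """Return raw only if it is a same-site path that cannot alter response headers."""
    if not raw:
        return default
    # Inspect the value as received and after one and two rounds of
    # percent-decoding, so %0d%0a and %250d%250a are caught like raw CR/LF.
    forms = [raw]
    for _ in range(2):
        forms.append(unquote(forms[-1]))
    for value in forms:
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            return default  # control characters (CR, LF, ...) would split the header
        if "\\" in value or not value.startswith("/") or value.startswith("//"):
            return default  # absolute or scheme-relative target: off-site redirect
    return raw

def naive_location(raw):
    """The flawed pattern: request data copied into a header unchanged."""
    return "Location: " + raw + "\r\n"

def hardened_location(raw):
    """Same header, but only validated same-site paths are emitted."""
    return "Location: " + safe_return_url(raw) + "\r\n"

def header_lines(block):
    """Header lines a client would parse from the emitted block."""
    return [line for line in block.split("\r\n") if line]

# Constructed inputs, as the application would see them after the
# container has URL-decoded the query string once.
SAMPLES = [
    "/account/EditAddress.do",
    "/account/EditAddress.do\r\nX-Injected: 1",
    "/account/EditAddress.do%0d%0aX-Injected: 1",
    "//other.example/login",
    "https://other.example/login",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), len(header_lines(naive_location(s))),
              "->", header_lines(hardened_location(s)))
```

The validator only covers the header and redirect context; a return URL that is also echoed into a page still needs HTML output encoding.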

Red Hat would like to thank Ben Ford of Puppet Labs for reporting
CVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and
CVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground
Security for reporting CVE-2013-4415.

Users of Red Hat Satellite 5.6 are advised to upgrade to these updated
packages, which resolve these issues. For this update to take effect, Red
Hat Satellite must be restarted. Refer to the Solution section for details.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Run the following command to restart the Red Hat Satellite server:

# rhn-satellite restart
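
After the update, a host's package inventory can be checked against the fixed builds this advisory lists under its updated packages. The Python script below is an added example, not part of Red Hat's advisory: it reads `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output and compares it using a simplified rpmvercmp (assumptions: no epoch, tilde or caret handling); the sample inventory is constructed.

```python
import re

JAVA = ("2.0.2", "58")  # fixed spacewalk-java build in this advisory
WEB = ("2.0.3", "19")   # fixed spacewalk-web build in this advisory
# Releases are stored without the dist tag so el5sat and el6sat hosts share one table.
FIXED = {"satellite-branding": ("5.6.0.23", "1"), "spacewalk-taskomatic": JAVA}
FIXED.update({"spacewalk-java" + s: JAVA
              for s in ("", "-config", "-lib", "-oracle", "-postgresql")})
FIXED.update({"spacewalk-" + s: WEB
              for s in ("base", "base-minimal", "base-minimal-config", "dobby",
                        "grail", "html", "pxt", "sniglets")})

def rpmvercmp(a, b):
    """Simplified RPM ordering: -1, 0 or 1 for a older than, equal to, newer than b."""
    sa = re.findall(r"\d+|[a-zA-Z]+", a)
    sb = re.findall(r"\d+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # 8 < 19 numerically, not as strings
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def unpatched(rpm_lines):
    """Return sorted (name, installed, fixed) tuples for builds older than the advisory's."""
    found = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, ver, rel = parts
        fver, frel = FIXED[name]
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            found.append((name, f"{ver}-{rel}", f"{fver}-{frel}"))
    return sorted(found)

# Constructed inventory: two packages still on pre-advisory builds.
SAMPLE = """satellite-branding 5.6.0.23 1.el6sat
spacewalk-java 2.0.2 45.el6sat
spacewalk-java-lib 2.0.2 58.el6sat
spacewalk-dobby 2.0.3 8.el6sat
bash 4.1.2 15.el6
"""

if __name__ == "__main__":
    for name, have, want in unpatched(SAMPLE):
        print(f"{name}: installed {have}, advisory ships {want}")
```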

Affected Products

  • Red Hat Satellite 5.6 for RHEL 6 x86_64
  • Red Hat Satellite 5.6 for RHEL 6 s390x
  • Red Hat Satellite 5.6 for RHEL 5 x86_64
  • Red Hat Satellite 5.6 for RHEL 5 s390x
  • Red Hat Satellite 5 Managed DB 5.6 for RHEL 6 x86_64
  • Red Hat Satellite 5 Managed DB 5.6 for RHEL 6 s390x
  • Red Hat Satellite 5 Managed DB 5.6 for RHEL 5 x86_64
  • Red Hat Satellite 5 Managed DB 5.6 for RHEL 5 s390x

Fixes

  • BZ - 882000 - CVE-2012-6149 Satellite, Spacewalk (spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note’s subject and content
  • BZ - 923464 - CVE-2013-1869 Satellite/Spacewalk: header injection flaw
  • BZ - 923467 - CVE-2013-1871 Satellite/Spacewalk: XSS in EditAddress page
  • BZ - 979452 - CVE-2013-4415 Red Hat Satellite, Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

CVEs

  • CVE-2012-6149
  • CVE-2013-1869
  • CVE-2013-4415
  • CVE-2013-1871

Red Hat Satellite 5.6 for RHEL 6

SRPM

satellite-branding-5.6.0.23-1.el6sat.src.rpm

SHA-256: 5b70c8c29e1fc752aef5fa2a2a6c7c3a993b79f6a5f87708f04b7cde39895541

spacewalk-java-2.0.2-58.el6sat.src.rpm

SHA-256: b55c5af7fdb7312e41851c99ea62156903fbfb088900c56880ddd707fcbafa60

spacewalk-web-2.0.3-19.el6sat.src.rpm

SHA-256: e935706c15bb0c987110911669b7a4b7c51c9a081c71cadbb3f19a142de0c4d0

x86_64

satellite-branding-5.6.0.23-1.el6sat.noarch.rpm

SHA-256: 708ca0007a510b565b51aaa22916d47338267c8fee8ff087df4d5f73eff0eb48

spacewalk-base-2.0.3-19.el6sat.noarch.rpm

SHA-256: dbd6904a5a8a30411383a6e4ce18d4b4dfa6c9dff27a025c61f2510c3e425151

spacewalk-base-minimal-2.0.3-19.el6sat.noarch.rpm

SHA-256: bdc3995071172eaec282cd21ddb13082b6e6e923105b99b4e3a066e70d3f5078

spacewalk-base-minimal-config-2.0.3-19.el6sat.noarch.rpm

SHA-256: 8d2eecf17ae2b4c9158b07715d4ce59a538221a12c65fd85400111e9bc79aec3

spacewalk-dobby-2.0.3-19.el6sat.noarch.rpm

SHA-256: 3c437d97152ef021d4951c0cc0aa1d62dfbcdb03a0ece2fff6086f8842431abd

spacewalk-grail-2.0.3-19.el6sat.noarch.rpm

SHA-256: 9ffde5cfc7386efa9e9d37005fd7ab0dc12a0dd0d02efe0e347282ec47594dc8

spacewalk-html-2.0.3-19.el6sat.noarch.rpm

SHA-256: 9780a9788f688aa80eb751bb8b45f1ca5607e37c901e66f4dc097ec045dcdd7b

spacewalk-java-2.0.2-58.el6sat.noarch.rpm

SHA-256: d1f2a6097b62382782f59a54e9779c3f37847779476cdb851ad92563b9ee6179

spacewalk-java-config-2.0.2-58.el6sat.noarch.rpm

SHA-256: efda3bbf7b9803529916b66d5f6507889fe8073862cbe4b0a76566055821a57d

spacewalk-java-lib-2.0.2-58.el6sat.noarch.rpm

SHA-256: 8df456ed9dd1e45d08c1032785964cdf8344be1a2d4e202deca9362c32daa114

spacewalk-java-oracle-2.0.2-58.el6sat.noarch.rpm

SHA-256: 2b371c974bd28568eedce276e0966bc9e0f4f1f335d28f038c4ca8d0f135ce56

spacewalk-java-postgresql-2.0.2-58.el6sat.noarch.rpm

SHA-256: f8ac405ba34e032ee98dc106e7df32bb6e0d4b9e188df9c504e2750661d4ac42

spacewalk-pxt-2.0.3-19.el6sat.noarch.rpm

SHA-256: 9baba7747e49d7ef41eafafefd681b36225bcd3d33bb7e7e892139d16ba6b09f

spacewalk-sniglets-2.0.3-19.el6sat.noarch.rpm

SHA-256: 71e29eec657eab5d19d18f89f87d351dd54b8ca429c6fad6b3ea4f98d99b1f0a

spacewalk-taskomatic-2.0.2-58.el6sat.noarch.rpm

SHA-256: 17642a88e50853cb575e0267481b9f0819418c27f350b66b21999e0c11b29654

s390x

satellite-branding-5.6.0.23-1.el6sat.noarch.rpm

SHA-256: 708ca0007a510b565b51aaa22916d47338267c8fee8ff087df4d5f73eff0eb48

spacewalk-base-2.0.3-19.el6sat.noarch.rpm

SHA-256: dbd6904a5a8a30411383a6e4ce18d4b4dfa6c9dff27a025c61f2510c3e425151

spacewalk-base-minimal-2.0.3-19.el6sat.noarch.rpm

SHA-256: bdc3995071172eaec282cd21ddb13082b6e6e923105b99b4e3a066e70d3f5078

spacewalk-base-minimal-config-2.0.3-19.el6sat.noarch.rpm

SHA-256: 8d2eecf17ae2b4c9158b07715d4ce59a538221a12c65fd85400111e9bc79aec3

spacewalk-dobby-2.0.3-19.el6sat.noarch.rpm

SHA-256: 3c437d97152ef021d4951c0cc0aa1d62dfbcdb03a0ece2fff6086f8842431abd

spacewalk-grail-2.0.3-19.el6sat.noarch.rpm

SHA-256: 9ffde5cfc7386efa9e9d37005fd7ab0dc12a0dd0d02efe0e347282ec47594dc8

spacewalk-html-2.0.3-19.el6sat.noarch.rpm

SHA-256: 9780a9788f688aa80eb751bb8b45f1ca5607e37c901e66f4dc097ec045dcdd7b

spacewalk-java-2.0.2-58.el6sat.noarch.rpm

SHA-256: d1f2a6097b62382782f59a54e9779c3f37847779476cdb851ad92563b9ee6179

spacewalk-java-config-2.0.2-58.el6sat.noarch.rpm

SHA-256: efda3bbf7b9803529916b66d5f6507889fe8073862cbe4b0a76566055821a57d

spacewalk-java-lib-2.0.2-58.el6sat.noarch.rpm

SHA-256: 8df456ed9dd1e45d08c1032785964cdf8344be1a2d4e202deca9362c32daa114

spacewalk-java-oracle-2.0.2-58.el6sat.noarch.rpm

SHA-256: 2b371c974bd28568eedce276e0966bc9e0f4f1f335d28f038c4ca8d0f135ce56

spacewalk-java-postgresql-2.0.2-58.el6sat.noarch.rpm

SHA-256: f8ac405ba34e032ee98dc106e7df32bb6e0d4b9e188df9c504e2750661d4ac42

spacewalk-pxt-2.0.3-19.el6sat.noarch.rpm

SHA-256: 9baba7747e49d7ef41eafafefd681b36225bcd3d33bb7e7e892139d16ba6b09f

spacewalk-sniglets-2.0.3-19.el6sat.noarch.rpm

SHA-256: 71e29eec657eab5d19d18f89f87d351dd54b8ca429c6fad6b3ea4f98d99b1f0a

spacewalk-taskomatic-2.0.2-58.el6sat.noarch.rpm

SHA-256: 17642a88e50853cb575e0267481b9f0819418c27f350b66b21999e0c11b29654

Red Hat Satellite 5.6 for RHEL 5

SRPM

satellite-branding-5.6.0.23-1.el5sat.src.rpm

SHA-256: bd26a477fcc820670ad320dd288a1770b8c28f297e2be48353f2500d140d17a3

spacewalk-java-2.0.2-58.el5sat.src.rpm

SHA-256: d3ed55b958de52bd595cfcb00cc951761ce0bb3ef3e3283265e6ee791c4faaaa

spacewalk-web-2.0.3-19.el5sat.src.rpm

SHA-256: 5a0e733a79b212fdda8cec461227d0e134483ea4866ac71d154c08c0736344ea

x86_64

satellite-branding-5.6.0.23-1.el5sat.noarch.rpm

SHA-256: 2e1762577958ef581703ad0b5db23d0bb11ae2519169f81a44c1c6ea54f9a4bf

spacewalk-base-2.0.3-19.el5sat.noarch.rpm

SHA-256: d67a7725f12dc1509b795ebcd15beb8628a0a8883578e49dcb8f16d6105bcd24

spacewalk-base-minimal-2.0.3-19.el5sat.noarch.rpm

SHA-256: 74380e7572faffbe7a3086cb8636201c0e4d4e22eac872d313065644bbd98657

spacewalk-base-minimal-config-2.0.3-19.el5sat.noarch.rpm

SHA-256: fae6acc8c02754ce1398d5df19546a45d662bfb6dc6bf07e80e714b3eca988ee

spacewalk-dobby-2.0.3-19.el5sat.noarch.rpm

SHA-256: 64bafa87186a01ada0ac994427b5f2629ec41fb302d89368c121adff7602cee0

spacewalk-grail-2.0.3-19.el5sat.noarch.rpm

SHA-256: bc6204331c6da453e00857073f1accd16415bb3016608d42890ee36f2c7ff2fe

spacewalk-html-2.0.3-19.el5sat.noarch.rpm

SHA-256: 362d7f22a932de3cca6194471e9d37b92249b3d45bb9a0da291e1a4183d39792

spacewalk-java-2.0.2-58.el5sat.noarch.rpm

SHA-256: 32a7bdaacb31442308003f48b970243932eec3f30f4c9984fa18400b8647d18d

spacewalk-java-config-2.0.2-58.el5sat.noarch.rpm

SHA-256: 5809851cd5372ccc608c36ed66fbd36e5eb1d42d73a92e3ec371650750d8b2b0

spacewalk-java-lib-2.0.2-58.el5sat.noarch.rpm

SHA-256: b156ef1a55a162fc8b403684cea9c750b85d684e54ac514c3918f9a453a6159f

spacewalk-java-oracle-2.0.2-58.el5sat.noarch.rpm

SHA-256: 8c8035c84439fd0effc9dd67c0137c868c0829083de5a9005ddd5c664c0a8b4c

spacewalk-java-postgresql-2.0.2-58.el5sat.noarch.rpm

SHA-256: 1c2193b0b7ebf1971051381677c86a90203a0037c401289a149f1a9f700376ce

spacewalk-pxt-2.0.3-19.el5sat.noarch.rpm

SHA-256: 208de37ff48bd4f87ca896f0894c00cf7612f4d4b3c0221f926912ca34970cb9

spacewalk-sniglets-2.0.3-19.el5sat.noarch.rpm

SHA-256: 526e17b96c6adad39305223fbcfcd79d6c145a2e0c15ec1e2bfa1438d52076a5

spacewalk-taskomatic-2.0.2-58.el5sat.noarch.rpm

SHA-256: 38ac4d5a1f53be30f6bfc52c508125bc9adea8f8388327006c1349727b6a4984

s390x

satellite-branding-5.6.0.23-1.el5sat.noarch.rpm

SHA-256: 2e1762577958ef581703ad0b5db23d0bb11ae2519169f81a44c1c6ea54f9a4bf

spacewalk-base-2.0.3-19.el5sat.noarch.rpm

SHA-256: d67a7725f12dc1509b795ebcd15beb8628a0a8883578e49dcb8f16d6105bcd24

spacewalk-base-minimal-2.0.3-19.el5sat.noarch.rpm

SHA-256: 74380e7572faffbe7a3086cb8636201c0e4d4e22eac872d313065644bbd98657

spacewalk-base-minimal-config-2.0.3-19.el5sat.noarch.rpm

SHA-256: fae6acc8c02754ce1398d5df19546a45d662bfb6dc6bf07e80e714b3eca988ee

spacewalk-dobby-2.0.3-19.el5sat.noarch.rpm

SHA-256: 64bafa87186a01ada0ac994427b5f2629ec41fb302d89368c121adff7602cee0

spacewalk-grail-2.0.3-19.el5sat.noarch.rpm

SHA-256: bc6204331c6da453e00857073f1accd16415bb3016608d42890ee36f2c7ff2fe

spacewalk-html-2.0.3-19.el5sat.noarch.rpm

SHA-256: 362d7f22a932de3cca6194471e9d37b92249b3d45bb9a0da291e1a4183d39792

spacewalk-java-2.0.2-58.el5sat.noarch.rpm

SHA-256: 32a7bdaacb31442308003f48b970243932eec3f30f4c9984fa18400b8647d18d

spacewalk-java-config-2.0.2-58.el5sat.noarch.rpm

SHA-256: 5809851cd5372ccc608c36ed66fbd36e5eb1d42d73a92e3ec371650750d8b2b0

spacewalk-java-lib-2.0.2-58.el5sat.noarch.rpm

SHA-256: b156ef1a55a162fc8b403684cea9c750b85d684e54ac514c3918f9a453a6159f

spacewalk-java-oracle-2.0.2-58.el5sat.noarch.rpm

SHA-256: 8c8035c84439fd0effc9dd67c0137c868c0829083de5a9005ddd5c664c0a8b4c

spacewalk-java-postgresql-2.0.2-58.el5sat.noarch.rpm

SHA-256: 1c2193b0b7ebf1971051381677c86a90203a0037c401289a149f1a9f700376ce

spacewalk-pxt-2.0.3-19.el5sat.noarch.rpm

SHA-256: 208de37ff48bd4f87ca896f0894c00cf7612f4d4b3c0221f926912ca34970cb9

spacewalk-sniglets-2.0.3-19.el5sat.noarch.rpm

SHA-256: 526e17b96c6adad39305223fbcfcd79d6c145a2e0c15ec1e2bfa1438d52076a5

spacewalk-taskomatic-2.0.2-58.el5sat.noarch.rpm

SHA-256: 38ac4d5a1f53be30f6bfc52c508125bc9adea8f8388327006c1349727b6a4984

Red Hat Satellite 5 Managed DB 5.6 for RHEL 6

SRPM

spacewalk-web-2.0.3-19.el6sat.src.rpm

SHA-256: e935706c15bb0c987110911669b7a4b7c51c9a081c71cadbb3f19a142de0c4d0

x86_64

spacewalk-base-minimal-2.0.3-19.el6sat.noarch.rpm

SHA-256: bdc3995071172eaec282cd21ddb13082b6e6e923105b99b4e3a066e70d3f5078

spacewalk-dobby-2.0.3-19.el6sat.noarch.rpm

SHA-256: 3c437d97152ef021d4951c0cc0aa1d62dfbcdb03a0ece2fff6086f8842431abd

s390x

spacewalk-base-minimal-2.0.3-19.el6sat.noarch.rpm

SHA-256: bdc3995071172eaec282cd21ddb13082b6e6e923105b99b4e3a066e70d3f5078

spacewalk-dobby-2.0.3-19.el6sat.noarch.rpm

SHA-256: 3c437d97152ef021d4951c0cc0aa1d62dfbcdb03a0ece2fff6086f8842431abd

Red Hat Satellite 5 Managed DB 5.6 for RHEL 5

SRPM

spacewalk-web-2.0.3-19.el5sat.src.rpm

SHA-256: 5a0e733a79b212fdda8cec461227d0e134483ea4866ac71d154c08c0736344ea

x86_64

spacewalk-base-minimal-2.0.3-19.el5sat.noarch.rpm

SHA-256: 74380e7572faffbe7a3086cb8636201c0e4d4e22eac872d313065644bbd98657

spacewalk-dobby-2.0.3-19.el5sat.noarch.rpm

SHA-256: 64bafa87186a01ada0ac994427b5f2629ec41fb302d89368c121adff7602cee0

s390x

spacewalk-base-minimal-2.0.3-19.el5sat.noarch.rpm

SHA-256: 74380e7572faffbe7a3086cb8636201c0e4d4e22eac872d313065644bbd98657

spacewalk-dobby-2.0.3-19.el5sat.noarch.rpm

SHA-256: 64bafa87186a01ada0ac994427b5f2629ec41fb302d89368c121adff7602cee0

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
