CVE-2014-3595: Red Hat Customer Portal - Access to 24x7 support and knowledge

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

Synopsis

Important: spacewalk-java security update

Type/Severity

Security Advisory: Important

Topic

Updated spacewalk-java packages that fix one security issue are now
available for Red Hat Satellite 5.4, 5.5, and 5.6.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.
The spacewalk-java packages contain the code for the Java version of the
Spacewalk Web site.

A stored cross-site scripting (XSS) flaw was found in the way
spacewalk-java displayed log files. By sending a specially crafted request
to Satellite, a remote attacker could embed HTML content into the log file,
allowing them to inject malicious content into the web page that is used to
view that log file. (CVE-2014-3595)

Red Hat would like to thank Ron Bowes of Google for reporting this issue.

All spacewalk-java users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
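
The flaw class described above, a log viewer that writes log text into the page without output encoding, shown beside the corrected form. This is an added example, not code from spacewalk-java or from the Red Hat patch; the class name `LogViewEscaping`, its methods and the log lines are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;

public class LogViewEscaping {

    // Encode the characters that are significant in HTML text content.
    // Assumption: the log text is placed inside an element body (<pre>),
    // not inside an attribute value, URL or script block.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // escape=false is the flawed pattern: log text reaches the page unchanged,
    // so markup written into the log becomes markup in the viewer.
    // escape=true encodes every line at output time.
    static String render(List<String> lines, boolean escape) {
        StringBuilder html = new StringBuilder("<pre>");
        for (String line : lines) {
            html.append(escape ? escapeHtml(line) : line).append('\n');
        }
        return html.append("</pre>").toString();
    }

    public static void main(String[] args) {
        // Constructed log lines; the second carries request-supplied text.
        List<String> log = Arrays.asList(
            "2014-09-01 10:00:01 INFO  login ok user=admin",
            "2014-09-01 10:00:07 WARN  bad parameter: <script>alert(1)</script>");
        System.out.println(render(log, false)); // markup survives into the page
        System.out.println(render(log, true));  // markup is shown as inert text
    }
}
```

Encoding at render time, rather than filtering at write time, keeps the log file a faithful record of what was received while making the viewer safe for any content already on disk.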

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Satellite 5.6 for RHEL 6 x86_64
  • Red Hat Satellite 5.6 for RHEL 6 s390x
  • Red Hat Satellite 5.6 for RHEL 5 x86_64
  • Red Hat Satellite 5.6 for RHEL 5 s390x
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6 x86_64
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6 s390x
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5 x86_64
  • Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5 s390x
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 s390x
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 s390x
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 i386

Fixes

  • BZ - 1129821 - CVE-2014-3595 Satellite: Spacewalk contains XSS in log file view

Red Hat Satellite 5.6 for RHEL 6

SRPM

  • spacewalk-java-2.0.2-85.el6sat.src.rpm

x86_64, s390x

  • spacewalk-java-2.0.2-85.el6sat.noarch.rpm
  • spacewalk-java-config-2.0.2-85.el6sat.noarch.rpm
  • spacewalk-java-lib-2.0.2-85.el6sat.noarch.rpm
  • spacewalk-java-oracle-2.0.2-85.el6sat.noarch.rpm
  • spacewalk-java-postgresql-2.0.2-85.el6sat.noarch.rpm
  • spacewalk-taskomatic-2.0.2-85.el6sat.noarch.rpm

Red Hat Satellite 5.6 for RHEL 5

SRPM

  • spacewalk-java-2.0.2-85.el5sat.src.rpm

x86_64, s390x

  • spacewalk-java-2.0.2-85.el5sat.noarch.rpm
  • spacewalk-java-config-2.0.2-85.el5sat.noarch.rpm
  • spacewalk-java-lib-2.0.2-85.el5sat.noarch.rpm
  • spacewalk-java-oracle-2.0.2-85.el5sat.noarch.rpm
  • spacewalk-java-postgresql-2.0.2-85.el5sat.noarch.rpm
  • spacewalk-taskomatic-2.0.2-85.el5sat.noarch.rpm

Red Hat Satellite with Embedded Oracle 5.5 for RHEL 6

SRPM

  • spacewalk-java-1.7.54-129.el6sat.src.rpm

x86_64, s390x

  • spacewalk-java-1.7.54-129.el6sat.noarch.rpm
  • spacewalk-java-config-1.7.54-129.el6sat.noarch.rpm
  • spacewalk-java-lib-1.7.54-129.el6sat.noarch.rpm
  • spacewalk-java-oracle-1.7.54-129.el6sat.noarch.rpm
  • spacewalk-taskomatic-1.7.54-129.el6sat.noarch.rpm

Red Hat Satellite with Embedded Oracle 5.5 for RHEL 5

SRPM

  • spacewalk-java-1.7.54-129.el5sat.src.rpm

x86_64, s390x

  • spacewalk-java-1.7.54-129.el5sat.noarch.rpm
  • spacewalk-java-config-1.7.54-129.el5sat.noarch.rpm
  • spacewalk-java-lib-1.7.54-129.el5sat.noarch.rpm
  • spacewalk-java-oracle-1.7.54-129.el5sat.noarch.rpm
  • spacewalk-taskomatic-1.7.54-129.el5sat.noarch.rpm

Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6

SRPM

  • spacewalk-java-1.2.39-137.el6sat.src.rpm

x86_64, s390x

  • spacewalk-java-1.2.39-137.el6sat.noarch.rpm
  • spacewalk-java-config-1.2.39-137.el6sat.noarch.rpm
  • spacewalk-java-lib-1.2.39-137.el6sat.noarch.rpm
  • spacewalk-java-oracle-1.2.39-137.el6sat.noarch.rpm
  • spacewalk-taskomatic-1.2.39-137.el6sat.noarch.rpm

Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5

SRPM

  • spacewalk-java-1.2.39-137.el5sat.src.rpm

x86_64, s390x, i386

  • spacewalk-java-1.2.39-137.el5sat.noarch.rpm
  • spacewalk-java-config-1.2.39-137.el5sat.noarch.rpm
  • spacewalk-java-lib-1.2.39-137.el5sat.noarch.rpm
  • spacewalk-java-oracle-1.2.39-137.el5sat.noarch.rpm
  • spacewalk-taskomatic-1.2.39-137.el5sat.noarch.rpm
