Bug 1066794 (CVE-2013-6495)

Summary: CVE-2013-6495 JBossWeb Bayeux: Reflected Cross-Site Scripting (XSS)
Product: [Other] Security Response Reporter: Arun Babu Neelicattu <aneelica>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aneelica, asaldhan, bdawidow, cdewolf, dandread, darran.lofthouse, djorm, grocha, hfnukal, jawilson, jcoleman, jpallich, jrusnack, kconner, lgao, mweiler, myarboro, pcheung, pgier, pslavice, rsvoboda, security-response-team, theute, vtunka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: jbossweb 2.1.14.GA, jbossweb 7.2.1.Final Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-10 03:26:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1066799, 1066800, 1066802, 1066803, 1066804, 1066805, 1066806    
Bug Blocks: 1066795, 1082931    

Description Arun Babu Neelicattu 2014-02-19 06:43:57 UTC 
It was found that the JBossWeb Bayeux component would include the contents of the jsonp request parameter in the response, without escaping. A remote attacker could use this flaw to perform reflected cross-site scripting (XSS) attacks under certain conditions. The content type of the response is text/json, which can still be interpreted as HTML by the browser if it uses content sniffing. If the browser evaluates the response, this flaw could be exploited by a DOM-based XSS attack.
Comment 1 Arun Babu Neelicattu 2014-02-19 06:54:24 UTC 
Upstream Fix:
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossweb?view=revision&revision=2176

Upstream Bug:
https://issues.jboss.org/browse/JBWEB-267
Comment 5 Arun Babu Neelicattu 2014-07-10 03:26:25 UTC 
Statement:

Red Hat JBoss Enterprise Application Platform 6 prior to 6.1.1 and Red Hat JBoss Portal Platform 6 prior to 6.1.0 are affected by this flaw. All users of vulnerable versions are advised to update to 6.1.1 or later of Red Hat JBoss Enterprise Application Platform 6 and 6.1.0 or later of Red Hat JBoss Portal Platform 6
Comment 6 Arun Babu Neelicattu 2014-07-10 03:31:29 UTC 
Acknowledgements:

This issue was discovered by David Jorm of Red Hat Product Security.