Bug 1140863

Summary: Cross-site scripting security vulnerability related to viewing tomcat logs
Product: [Community] Spacewalk Reporter: Stephen Herr <sherr>
Component: ServerAssignee: Stephen Herr <sherr>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.1CC: satqe-list
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: spacewalk-java-2.1.169-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1140859 Environment:
Last Closed: 2014-09-12 19:07:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1140859, 1141327    
Bug Blocks: 1207293    

Description Stephen Herr 2014-09-11 21:24:48 UTC 
+++ This bug was initially created as a clone of Bug #1140859 +++

Description of problem:
CVE-2014-3595

An attacker could hit Spacewalk with a malformed url to make tomcat log malicious html. Then, if a Spacewalk admin looked at the tomcat logs in the webui through Admin -> Show Tomcat Logs the malicious html could cause an arbitrary script to run.

--- Additional comment from Stephen Herr on 2014-09-11 17:22:55 EDT ---

Committing to Spacewalk master:
64e887448ef01e956256a03cc71b71e0f086a1c5

Cherry-picking to Spacewalk master:
9707946c4ac17a1c1124e682f157fc2f69959f82
Comment 1 Stephen Herr 2014-09-11 21:25:55 UTC 
Cherry-picking to Spacewalk 2.1:
26c6d7831184f412ff3c28f223196eaacbf6c941
Comment 2 Stephen Herr 2014-09-12 19:07:58 UTC 
Updated spacewalk-java packages that fix this vulnerability have been released to the Spacewalk 2.1 repo.