Bug 1258310 (CVE-2015-6748)

Summary: CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF
Product: [Other] Security Response
Reporter: Timothy Walsh <twalsh>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: alazarot, bbaranow, bmaxwell, cdewolf, chazlett, dandread, darran.lofthouse, etirelli, jason.greene, jawilson, jboss-set, jcoleman, lgao, lpetrovi, mbaluch, mwinkler, myarboro, ncross, nwallace, pgier, psakar, pslavice, rrajasek, rsvoboda, rzhang, tkirby, twalsh, vtunka
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: jsoup-1.8.3
Doc Type: Bug Fix
Doc Text:
It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser.
Last Closed: 2019-06-08 02:43:24 UTC
Bug Depends On: 1258314, 1258315, 1275393, 1275394    
Bug Blocks: 1258308, 1262055, 1278997    

Description Timothy Walsh 2015-08-31 04:42:26 UTC
We have identified a small vulnerability in Hibernate Validator which is used in at least WildFly and JBoss EAP. 
https://issues.jboss.org/browse/WFLY-5223
https://hibernate.atlassian.net/browse/HV-1012
The vulnerability is in the dependency jsoup. Our understanding is that the likely vector is that:
- an app developer guards a field as safe html via Hibernate Validator
- a malicious user sends a non safe html snippet not properly detected
- the application then uses the html believing it is safe.

Comment 3 Martin Prpič 2015-08-31 12:11:51 UTC
CVE assignment:

http://www.openwall.com/lists/oss-security/2015/08/28/5

Comment 8 errata-xmlrpc 2015-12-07 20:47:47 UTC
This issue has been addressed in the following products:



Via RHSA-2015:2560 https://rhn.redhat.com/errata/RHSA-2015-2560.html

Comment 9 errata-xmlrpc 2015-12-07 20:49:44 UTC
This issue has been addressed in the following products:



Via RHSA-2015:2559 https://rhn.redhat.com/errata/RHSA-2015-2559.html