Bug 992911 (CVE-2013-4204)

Summary: CVE-2013-4204 GWT: reflected XSS in HTML files used by GWTTestCase
Product: [Other] Security Response
Reporter: David Jorm <djorm>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: csadilek, jfuerth, maschmid, mjc, mnovotny, pslegr, rruss
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-08-06 02:45:47 UTC

Description David Jorm 2013-08-05 07:46:03 UTC
A reflected cross-site scripting (XSS) flaw was found in HTML files used by GWTTestCase, a part of Google Web Toolkit (GWT) < 2.5.1. This flaw is only exposed by GWT applications that depend on the JUnit module, and include the vulnerable HTML files.

Upstream Patch:
https://code.google.com/p/google-web-toolkit/source/detail?r=11385

External References:
http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1

Comment 1 David Jorm 2013-08-06 02:45:47 UTC
Statement:

This flaw does not affect Google Web Toolkit (GWT) as shipped with any Red Hat products. Red Hat products either do not include GWT applications that depend on the JUnit module, or do not include a vulnerable version of GWT.