Bug 1066794 – CVE-2013-6495 JBossWeb Bayeux: Reflected Cross-Site Scripting (XSS)

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1066794 - (CVE-2013-6495) CVE-2013-6495 JBossWeb Bayeux: Reflected Cross-Site Scripting (XSS)

Summary:	CVE-2013-6495 JBossWeb Bayeux: Reflected Cross-Site Scripting (XSS)

Status:	CLOSED CURRENTRELEASE

Aliases:	CVE-2013-6495

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140710,repor...
Keywords:	Security

Depends On:	1066799 1066800 1066802 1066803 1066804 1066805 1066806
Blocks:	1066795 1082931
	Show dependency tree / graph

Reported:	2014-02-19 01:43 EST by Arun Babu Neelicattu
Modified:	2015-02-15 16:53 EST (History)
CC List:	24 users (show)

See Also:
Fixed In Version:	jbossweb 2.1.14.GA, jbossweb 7.2.1.Final
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-07-09 23:26:25 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Arun Babu Neelicattu 2014-02-19 01:43:57 EST

It was found that the JBossWeb Bayeux component would include the contents of the jsonp request parameter in the response, without escaping. A remote attacker could use this flaw to perform reflected cross-site scripting (XSS) attacks under certain conditions. The content type of the response is text/json, which can still be interpreted as HTML by the browser if it uses content sniffing. If the browser evaluates the response, this flaw could be exploited by a DOM-based XSS attack.

Comment 1 Arun Babu Neelicattu 2014-02-19 01:54:24 EST

Upstream Fix:
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossweb?view=revision&revision=2176

Upstream Bug:
https://issues.jboss.org/browse/JBWEB-267

Comment 5 Arun Babu Neelicattu 2014-07-09 23:26:25 EDT

Statement:

Red Hat JBoss Enterprise Application Platform 6 prior to 6.1.1 and Red Hat JBoss Portal Platform 6 prior to 6.1.0 are affected by this flaw. All users of vulnerable versions are advised to update to 6.1.1 or later of Red Hat JBoss Enterprise Application Platform 6 and 6.1.0 or later of Red Hat JBoss Portal Platform 6

Comment 6 Arun Babu Neelicattu 2014-07-09 23:31:29 EDT

Acknowledgements:

This issue was discovered by David Jorm of Red Hat Product Security.

Note You need to log in before you can comment on or make changes to this bug.

aneelica
asaldhan
bdawidow
cdewolf
dandread
darran.lofthouse
djorm
grocha
hfnukal
jawilson
jcoleman
jpallich
jrusnack
kconner
lgao
mweiler
myarboro
pcheung
pgier
pslavice
rsvoboda
security-response-team
theute
vtunka