1140859 – Cross-site scripting security vulnerability related to viewing tomcat logs

Bug 1140859 - Cross-site scripting security vulnerability related to viewing tomcat logs

Summary: Cross-site scripting security vulnerability related to viewing tomcat logs

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Spacewalk
Classification:	Community
Component:	Server
Sub Component:
Version:	2.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Stephen Herr
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1140863 1141327 space23
TreeView+	depends on / blocked

Reported:	2014-09-11 21:16 UTC by Stephen Herr
Modified:	2015-04-14 19:17 UTC (History)
CC List:	0 users
Fixed In Version:	spacewalk-java-2.2.124-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1140863 1141327 (view as bug list)
Environment:
Last Closed:	2014-09-12 16:08:22 UTC
Embargoed:

Attachments	(Terms of Use)

Description Stephen Herr 2014-09-11 21:16:07 UTC

Description of problem:
CVE-2014-3595

An attacker could hit Spacewalk with a malformed url to make tomcat log malicious html. Then, if a Spacewalk admin looked at the tomcat logs in the webui through Admin -> Show Tomcat Logs the malicious html could cause an arbitrary script to run.

Comment 1 Stephen Herr 2014-09-11 21:22:55 UTC

Committing to Spacewalk master:
64e887448ef01e956256a03cc71b71e0f086a1c5

Cherry-picking to Spacewalk master:
9707946c4ac17a1c1124e682f157fc2f69959f82

Comment 2 Stephen Herr 2014-09-11 21:26:35 UTC

The second commit has in comment 1 should read "Cherry-picking to Spacewalk 2.2".

Comment 3 Stephen Herr 2014-09-12 16:08:22 UTC

Updated spacewalk-java packages that fix this vulnerability are now available in Spacewalk 2.2.

Note You need to log in before you can comment on or make changes to this bug.