Bug 1255170 (CVE-2015-5216) - CVE-2015-5216 ipsilon: XSS due to exception handling
Summary: CVE-2015-5216 ipsilon: XSS due to exception handling
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-5216
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1255176 1255775
Blocks: 1255174
TreeView+ depends on / blocked
 
Reported: 2015-08-19 20:25 UTC by Kurt Seifried
Modified: 2021-10-21 00:47 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was discovered in the Ipsilon IdP server in its use of Python templates, where JavaScript code could potentially be injected into an Python exception-message template. A remote, unauthorised attacker could use this flaw to perform an XXS attack.
Clone Of:
Environment:
Last Closed: 2021-10-21 00:47:00 UTC

Attachments (Terms of Use)

Description Kurt Seifried 2015-08-19 20:25:35 UTC 
Michael Scherer of Red Hat reports:

ipsilon does not escape HTML when processing http(s) request responses, allowing to inject js code into Python exception message template.

Upstream patch:

https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16
Comment 1 Kurt Seifried 2015-08-19 20:36:03 UTC 
Created ipsilon tracking bugs for this issue:

Affects: fedora-all [bug 1255176]
Comment 3 Viliam Križan 2015-08-24 08:58:49 UTC 
Acknowledgement:

This issue was discovered by Michael Scherer of Red Hat.
Comment 5 Ilya Etingof 2015-08-24 09:19:38 UTC 
Analysis:

It was found that js code could potentially be injected into Python exception message template.
Note You need to log in before you can comment on or make changes to this bug.