Bug 1258310 - (CVE-2015-6748) CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20150827,repor...
: Security
Depends On: 1258314 1258315 1275393 1275394
Blocks: 1262055 1258308 1278997
Reported: 2015-08-31 00:42 EDT by Timothy Walsh
Modified: 2016-03-04 06:13 EST

See Also:
Fixed In Version: jsoup-1.8.3
Doc Type: Bug Fix
Doc Text:
It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser.
Description Timothy Walsh 2015-08-31 00:42:26 EDT
We have identified a small vulnerability in Hibernate Validator which is used in at least WildFly and JBoss EAP. 
https://issues.jboss.org/browse/WFLY-5223
https://hibernate.atlassian.net/browse/HV-1012
The vulnerability is in the dependency jsoup. Our understanding is that the likely vector is that:
- an app developer guards a field as safe html via Hibernate Validator
- a malicious user sends a non safe html snippet not properly detected
- the application then uses the html believing it is safe.
Comment 3 Martin Prpič 2015-08-31 08:11:51 EDT
CVE assignment:

http://www.openwall.com/lists/oss-security/2015/08/28/5
Comment 8 errata-xmlrpc 2015-12-07 15:47:47 EST
This issue has been addressed in the following products:



Via RHSA-2015:2560 https://rhn.redhat.com/errata/RHSA-2015-2560.html
Comment 9 errata-xmlrpc 2015-12-07 15:49:44 EST
This issue has been addressed in the following products:



Via RHSA-2015:2559 https://rhn.redhat.com/errata/RHSA-2015-2559.html
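
Added example, not part of the original bug report or of any Red Hat or jsoup tooling: a Python sketch that walks a deployment directory and reports jsoup jars older than the fixed version named above (jsoup-1.8.3), including copies bundled inside WAR/EAR archives. It assumes jars follow the `jsoup-<version>[suffix].jar` naming pattern; a vendor build that backports the fix under an older version number would still be flagged, so confirm such hits against the errata.

```python
import io
import re
import zipfile
from pathlib import Path

FIXED = (1, 8, 3)  # "Fixed In Version: jsoup-1.8.3" from this bug
# Assumed naming pattern: jsoup-<numeric version>[vendor suffix].jar
JSOUP_JAR = re.compile(r"(?:^|/)jsoup-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".war", ".ear", ".jar", ".zip")


def record(name, location, findings):
    """Record a jsoup jar older than FIXED; return True if name is a jsoup jar."""
    m = JSOUP_JAR.search(name)
    if not m:
        return False
    version = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so that 1.8 compares as 1.8.0.
    if version + (0,) * (len(FIXED) - len(version)) < FIXED:
        findings.append((location, version))
    return True


def scan_archive(data, label, findings):
    """Look for jsoup jars inside an archive, following nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; nothing to inspect
    with zf:
        for entry in zf.namelist():
            inner = f"{label}!/{entry}"
            if not record(entry, inner, findings) and entry.lower().endswith(ARCHIVES):
                scan_archive(zf.read(entry), inner, findings)


def find_old_jsoup(root):
    """Return sorted (location, version) pairs for jsoup jars older than FIXED."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if not record(path.name, str(path), findings) and path.suffix.lower() in ARCHIVES:
            scan_archive(path.read_bytes(), str(path), findings)
    return sorted(findings)
```

Call `find_old_jsoup()` with the application server's installation or deployment directory; each result gives the path (with `!/` marking entries inside archives) and the parsed version.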