Bug 1258310 (CVE-2015-6748) - CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF
Summary: CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF
Alias: CVE-2015-6748
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1258314 1258315 1275393 1275394
Blocks: 1258308 1262055 1278997
Reported: 2015-08-31 04:42 UTC by Timothy Walsh
Modified: 2021-02-17 04:58 UTC

Fixed In Version: jsoup-1.8.3
Doc Type: Bug Fix
Doc Text:
It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser.
Clone Of:
Last Closed: 2019-06-08 02:43:24 UTC

System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2015:2559 | 0 | normal | SHIPPED_LIVE | Critical: Red Hat JBoss BRMS 6.2.0 update | 2015-12-08 01:46:42 UTC
Red Hat Product Errata | RHSA-2015:2560 | 0 | normal | SHIPPED_LIVE | Critical: Red Hat JBoss BPM Suite 6.2.0 update | 2015-12-08 01:46:36 UTC

Description Timothy Walsh 2015-08-31 04:42:26 UTC
We have identified a small vulnerability in Hibernate Validator which is used in at least WildFly and JBoss EAP. 
https://issues.jboss.org/browse/WFLY-5223
https://hibernate.atlassian.net/browse/HV-1012
The vulnerability is in the dependency jsoup. Our understanding is that the likely vector is that:
- an app developer guards a field as safe html via Hibernate Validator
- a malicious user sends a non safe html snippet not properly detected
- the application then uses the html believing it is safe.

Comment 3 Martin Prpič 2015-08-31 12:11:51 UTC
CVE assignment:


Comment 8 errata-xmlrpc 2015-12-07 20:47:47 UTC
This issue has been addressed in the following products:

Via RHSA-2015:2560 https://rhn.redhat.com/errata/RHSA-2015-2560.html

Comment 9 errata-xmlrpc 2015-12-07 20:49:44 UTC
This issue has been addressed in the following products:

Via RHSA-2015:2559 https://rhn.redhat.com/errata/RHSA-2015-2559.html
