1353722 – (CVE-2016-5383) CVE-2016-5383 CloudForms: Lack of field filters on user input

Bug 1353722 (CVE-2016-5383) - CVE-2016-5383 CloudForms: Lack of field filters on user input

Summary: CVE-2016-5383 CloudForms: Lack of field filters on user input

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-5383
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1357072 1365674
Blocks:	1353727
TreeView+	depends on / blocked

Reported:	2016-07-07 20:02 UTC by Kurt Seifried
Modified:	2021-02-17 03:37 UTC (History)
CC List:	17 users (show)
Fixed In Version:	cfme 5.6.1.2
Clone Of:
Environment:
Last Closed:	2016-09-11 03:25:33 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:1634	0	normal	SHIPPED_LIVE	Important: CFME 5.6.1 security, bug fix, and enhancement update	2016-08-18 21:43:52 UTC

Description Kurt Seifried 2016-07-07 20:02:51 UTC

Eric Hayes of Red Hat reports:

A filter validation flaw exists in CloudForms, this could result in an attacker 
injecting content that then triggers code execution within CloudForms.

Comment 1 Kurt Seifried 2016-07-07 20:03:00 UTC

Acknowledgments:

Name: Eric Hayes (Red Hat)

Comment 4 errata-xmlrpc 2016-08-18 18:03:00 UTC

This issue has been addressed in the following products:

  CloudForms Management Engine 5.6

Via RHSA-2016:1634 https://rhn.redhat.com/errata/RHSA-2016-1634.html

Note You need to log in before you can comment on or make changes to this bug.