Bug 988774 (CVE-2013-4181) - CVE-2013-4181 ovirt-engine: RedirectServlet cross-site scripting flaw
Summary: CVE-2013-4181 ovirt-engine: RedirectServlet cross-site scripting flaw
Alias: CVE-2013-4181
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 988970 988971 1007482
Blocks: 988786 999624
Reported: 2013-07-26 10:38 UTC by Jan Lieskovsky
Modified: 2023-05-12 20:42 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2021-10-20 10:40:22 UTC


External tracker: Red Hat Product Errata RHSA-2013:1210 (Priority: normal, Status: SHIPPED_LIVE)
  Summary: Moderate: rhevm security and bug fix update
  Last Updated: 2013-09-10 23:03:43 UTC

Description Jan Lieskovsky 2013-07-26 10:38:40 UTC
A cross-site scripting (XSS) flaw was found in the RedirectServlet of the oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M). A remote attacker could provide a specially crafted link that, when visited by an unsuspecting RHEV-M / oVirt user, would lead to arbitrary script execution in the context of the RHEV-M / oVirt domain. Access to the RedirectServlet does not require authentication.

Comment 2 Tomas Hoger 2013-07-26 11:18:56 UTC
This problem is in the addAlert method of the RedirectServlet:


This method generates an HTML page with a JavaScript alert used to display an error message to the user. The generated message includes content from the request. This content is not properly sanitized - single quotes are replaced by double quotes to protect against certain attacks, however, </script> does not get filtered or escaped properly.
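
The following is an added example, not ovirt-engine code, that models the pattern comment 2 describes: a message from the request is placed inside a JavaScript string literal in an alert(), and the only sanitization is swapping single quotes for double quotes. It shows that such a message can still close the script element, and contrasts it with a hardened form that serializes the message as a JS string literal and additionally escapes the characters the HTML tokenizer cares about. The function names and the sample input are assumed and constructed for this example.

```javascript
// Vulnerable pattern (assumed model of the page's description, not oVirt code):
// the message lands inside a JS string literal and only single quotes are
// replaced. A message containing </script> closes the script element, and
// whatever follows is parsed as HTML.
function naiveAlertPage(message) {
  const sanitized = String(message).replace(/'/g, '"');
  return '<html><body><script>alert(\'' + sanitized + '\');</script></body></html>';
}

// Hardened form: JSON.stringify escapes quotes, backslashes and control
// characters, producing a valid JS string literal. The HTML tokenizer does not
// understand JS escapes, so <, > and & are additionally written as \uXXXX so
// that "</script>" can never appear in the output. U+2028/U+2029 are escaped
// because older engines treat them as line terminators inside a literal.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function safeAlertPage(message) {
  return '<html><body><script>alert(' + jsStringLiteral(message) + ');</script></body></html>';
}

// Review/test check: a correctly generated page contains exactly one closing
// script tag (the real one); any other occurrence means the message escaped
// the script context.
function escapesScriptContext(page) {
  return (page.match(/<\/script/gi) || []).length === 1;
}

// Constructed sample input containing the sequence the page says is not escaped.
const constructedInput = 'Login failed</script><b>not a script</b>';
console.log(escapesScriptContext(naiveAlertPage(constructedInput))); // false
console.log(escapesScriptContext(safeAlertPage(constructedInput)));  // true
```

Because every escape used is also valid JSON, JSON.parse(jsStringLiteral(x)) returns x unchanged, which is a convenient way to confirm the escaping loses no information.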

Comment 5 Jan Lieskovsky 2013-07-26 14:41:57 UTC

Red Hat would like to thank Kayhan KAYIHAN of Endersys A.Ş. for reporting this issue.

Comment 8 errata-xmlrpc 2013-09-10 19:05:16 UTC
This issue has been addressed in the following products:

  RHEV Manager version 3.2

Via RHSA-2013:1210 https://rhn.redhat.com/errata/RHSA-2013-1210.html
