Bug 988774 - (CVE-2013-4181) CVE-2013-4181 ovirt-engine: RedirectServlet cross-site scripting flaw
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
: Security
Depends On: 988970 988971 1007482
Blocks: 988786 999624
Reported: 2013-07-26 06:38 EDT by Jan Lieskovsky
Modified: 2018-03-05 09:54 EST (History)
Doc Type: Bug Fix
Description Jan Lieskovsky 2013-07-26 06:38:40 EDT
A cross-site scripting (XSS) flaw was found in the RedirectServlet of the oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M). A remote attacker could provide a specially crafted link that, when visited by an unsuspecting RHEV-M / oVirt user, would lead to arbitrary script execution in the context of the RHEV-M / oVirt domain. Access to the RedirectServlet does not require authentication.
Comment 2 Tomas Hoger 2013-07-26 07:18:56 EDT
This problem is in the addAlert method of the RedirectServlet:

This method generates an HTML page with a JavaScript alert used to display an error message to the user. The generated message includes content from the request. This content is not properly sanitized: single quotes are replaced by double quotes to protect against certain attacks; however, </script> does not get filtered or escaped properly.
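Added example (not ovirt-engine code, not part of this bug report): a Node.js stand-in for the quote-swapping sanitisation comment 2 describes, beside a hardened variant that escapes the value as a JSON string literal and neutralises "</", plus a check that counts closing script tags in the rendered page. The function names and the sample input are constructed for illustration.

```javascript
// Stand-in for the insufficient approach from comment 2: only single quotes
// are swapped for double quotes before the text is placed in a JS string.
// The enclosing <script> element can still be closed by the value itself.
function naiveAlertPage(message) {
  const swapped = String(message).replace(/'/g, '"');
  return `<html><body><script>alert('${swapped}');</script></body></html>`;
}

// Hardened approach: serialise as a JSON string literal (quotes, backslashes
// and control characters escaped), then turn every "</" into "<\/" so the
// sequence "</script>" can never terminate the enclosing script element.
// JavaScript and JSON both read "\/" as a plain "/", so the text is unchanged.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(/<\//g, '<\\/');
}

function hardenedAlertPage(message) {
  return `<html><body><script>alert(${escapeForInlineScript(message)});</script></body></html>`;
}

// Defender's check over rendered output: more than one closing script tag
// means request-derived content broke out of the intended script block.
function scriptElementCount(html) {
  return (html.match(/<\/script>/gi) || []).length;
}

// Constructed sample input modelled on the flaw description: request-derived
// text that carries a closing script tag.
const sampleInput = 'page not found</script>';

console.log(scriptElementCount(naiveAlertPage(sampleInput)));    // 2
console.log(scriptElementCount(hardenedAlertPage(sampleInput))); // 1
```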
Comment 5 Jan Lieskovsky 2013-07-26 10:41:57 EDT

Red Hat would like to thank Kayhan KAYIHAN of Endersys A.Ş. for reporting this issue.
Comment 8 errata-xmlrpc 2013-09-10 15:05:16 EDT
This issue has been addressed in the following products:

  RHEV Manager version 3.2

Via RHSA-2013:1210 https://rhn.redhat.com/errata/RHSA-2013-1210.html