CVE-2014-3654 – Satellite: Spacewalk contains multiple XSS (stored and reflected)
https://notcve.org/view.php?id=CVE-2014-3654
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. Múltiples vulnerabilidades de XSS en spacewalk-java 2.0.2 en Spacewalk and Red Hat Network (RHN) Satellite 5.5 y 5.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados en (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, o (3) admin/multiorg/OrgUsers.do. Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html http://rhn.redhat.com/errata/RHSA-2014-1762.html http://secunia.com/advisories/60976 http://secunia.com/advisories/62027 https://access.redhat.com/security/cve/CVE-2014-3654 https://bugzilla.redhat.com/show_bug.cgi?id=1144628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3595 – Satellite: Spacewalk contains XSS in log file view
https://notcve.org/view.php?id=CVE-2014-3595
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. Vulnerabilidad de XSS en spacewalk-java 1.2.39, 1.7.54, y 2.0.2 en Spacewalk y Red Hat Network (RHN) Satellite 5.4 hasta 5.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una petición modificada que no es manejada adecuadamente cuando se accede. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html http://rhn.redhat.com/errata/RHSA-2014-1184.html http://secunia.com/advisories/61115 http://secunia.com/advisories/62027 https://access.redhat.com/security/cve/CVE-2014-3595 https://bugzilla.redhat.com/show_bug.cgi?id=1129821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2236
https://notcve.org/view.php?id=CVE-2010-2236
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks. La consola de sensores de monitorización en spacewalk-java anterior a 2.1.148-1 y Red Hat Network (RHN) Satellite 4.0.0 hasta 4.2.0 y 5.1.0 hasta 5.3.0 y Proxy 5.3.0, permite a usuarios remotos autenticados con permisos para administrar sensores de monitorización ejecutar código arbitrario a través de vectores no especificados, relacionado con backticks. • http://secunia.com/advisories/56952 https://bugzilla.redhat.com/attachment.cgi?id=819987&action=diff https://bugzilla.redhat.com/show_bug.cgi?id=607712 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9 https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html • CWE-20: Improper Input Validation •
CVE-2013-4480 – Satellite: Interface to create the initial administrator user remains open after installation
https://notcve.org/view.php?id=CVE-2013-4480
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Red Hat Satellite 5.6 y anteriores versiones no deshabilita la interfaz web que es usada para crear el primer usuario para un satellite, lo que permite a atacantes remotos crear cuentas de administrador. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html http://rhn.redhat.com/errata/RHSA-2013-1513.html http://rhn.redhat.com/errata/RHSA-2013-1514.html https://access.redhat.com/site/articles/539283 https://bugzilla.redhat.com/show_bug.cgi?id=1024614 https://access.redhat.com/security/cve/CVE-2013-4480 • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •
CVE-2013-2056 – Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization
https://notcve.org/view.php?id=CVE-2013-2056
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. La operación Inter-Satellite Sync (ISS) en Red Hat Network (RHN) Satellite 5.3, 5.4, y 5.5 no valida adecuadamente la "autenticidad" del cliente, lo que permite a atacantes remotos obtener el contenido de un canal evitando la llamada inicial para la autenticación. • http://rhn.redhat.com/errata/RHSA-2013-0848.html http://secunia.com/advisories/53487 http://www.osvdb.org/93566 https://access.redhat.com/security/cve/CVE-2013-2056 https://bugzilla.redhat.com/show_bug.cgi?id=959524 • CWE-287: Improper Authentication •