CVE-2014-3595
Satellite: Spacewalk contains XSS in log file view
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
Vulnerabilidad de XSS en spacewalk-java 1.2.39, 1.7.54, y 2.0.2 en Spacewalk y Red Hat Network (RHN) Satellite 5.4 hasta 5.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una petición modificada que no es manejada adecuadamente cuando se accede.
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2014-09-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/61115 | Third Party Advisory | |
http://secunia.com/advisories/62027 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html | 2022-02-25 | |
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html | 2022-02-25 |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-1184.html | 2022-02-25 | |
https://access.redhat.com/security/cve/CVE-2014-3595 | 2014-09-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1129821 | 2014-09-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Suse Search vendor "Suse" | Manager Search vendor "Suse" for product "Manager" | 1.7 Search vendor "Suse" for product "Manager" and version "1.7" | - |
Affected
| in | Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 11 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11" | sp2 |
Safe
|
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.4 Search vendor "Redhat" for product "Satellite" and version "5.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.5 Search vendor "Redhat" for product "Satellite" and version "5.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.6 Search vendor "Redhat" for product "Satellite" and version "5.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite With Embedded Oracle Search vendor "Redhat" for product "Satellite With Embedded Oracle" | 5.4 Search vendor "Redhat" for product "Satellite With Embedded Oracle" and version "5.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite With Embedded Oracle Search vendor "Redhat" for product "Satellite With Embedded Oracle" | 5.5 Search vendor "Redhat" for product "Satellite With Embedded Oracle" and version "5.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Spacewalk-java Search vendor "Redhat" for product "Spacewalk-java" | 1.2.39 Search vendor "Redhat" for product "Spacewalk-java" and version "1.2.39" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Spacewalk-java Search vendor "Redhat" for product "Spacewalk-java" | 1.7.54 Search vendor "Redhat" for product "Spacewalk-java" and version "1.7.54" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Spacewalk-java Search vendor "Redhat" for product "Spacewalk-java" | 2.0.2 Search vendor "Redhat" for product "Spacewalk-java" and version "2.0.2" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Manager Server Search vendor "Suse" for product "Manager Server" | - | - |
Affected
|