Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1140859 - Cross-site scripting security vulnerability related to viewing tomcat logs
Summary: Cross-site scripting security vulnerability related to viewing tomcat logs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Spacewalk
Classification: Community
Component: Server
Version: 2.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Stephen Herr
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: 1140863 1141327 space23
TreeView+ depends on / blocked
 
Reported: 2014-09-11 21:16 UTC by Stephen Herr
Modified: 2015-04-14 19:17 UTC (History)
0 users

Fixed In Version: spacewalk-java-2.2.124-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1140863 1141327 (view as bug list)
Environment:
Last Closed: 2014-09-12 16:08:22 UTC
Embargoed:

Attachments (Terms of Use)

Description Stephen Herr 2014-09-11 21:16:07 UTC 
Description of problem:
CVE-2014-3595

An attacker could hit Spacewalk with a malformed url to make tomcat log malicious html. Then, if a Spacewalk admin looked at the tomcat logs in the webui through Admin -> Show Tomcat Logs the malicious html could cause an arbitrary script to run.
Comment 1 Stephen Herr 2014-09-11 21:22:55 UTC 
Committing to Spacewalk master:
64e887448ef01e956256a03cc71b71e0f086a1c5

Cherry-picking to Spacewalk master:
9707946c4ac17a1c1124e682f157fc2f69959f82
Comment 2 Stephen Herr 2014-09-11 21:26:35 UTC 
The second commit has in comment 1 should read "Cherry-picking to Spacewalk 2.2".
Comment 3 Stephen Herr 2014-09-12 16:08:22 UTC 
Updated spacewalk-java packages that fix this vulnerability are now available in Spacewalk 2.2.
Note You need to log in before you can comment on or make changes to this bug.