CVE-2014-3595

Current Description

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

Basic Data

Published: September 22, 2014
Last Modified: November 14, 2014
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
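    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Network Satellite | 5.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Network Satellite | 5.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Network Satellite | 5.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Spacewalk-java | 1.2.39 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Spacewalk-java | 1.7.54 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Spacewalk-java | 2.0.2 | * | * | * | * | * | * | * | | | |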

Vulnerable Software List

Vendor | Product | Versions
Redhat | Network Satellite | 5.4, 5.5, 5.6
Redhat | Spacewalk-java | 1.2.39, 1.7.54, 2.0.2

References

Name | Source | URL | Tags
SUSE-SU-2014:1218 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html |
SUSE-SU-2014:1339 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html |
RHSA-2014:1184 | REDHAT | http://rhn.redhat.com/errata/RHSA-2014-1184.html | Vendor Advisory
61115 | SECUNIA | http://secunia.com/advisories/61115 |
62027 | SECUNIA | http://secunia.com/advisories/62027 |