ID CVE-2016-3079 Type cve Reporter NVD Modified 2016-04-18T14:14:21
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
{"hash": "c18e1d259923a254b465298c8f504d116254e8d5d81dc8ad47b4ae21dceaa19a", "id": "CVE-2016-3079", "lastseen": "2016-12-01T02:16:42", "viewCount": 1, "hashmap": [{"hash": "65d5a89e1c9e4fd39cccde5dde742638", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2361bdbb20cb73874db26835c3218588", "key": "cpe"}, {"hash": "d3e3c5c7c6fe9dfb6b22e7b39109476c", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "4cd51b8cba5b14906d591be094e41671", "key": "description"}, {"hash": "413f9619e145d305cdb02aae366d64dc", "key": "href"}, {"hash": "e01abeb4d1b933419226a2e494cb9050", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "de71144d5d417b9df59c589635e08d08", "key": "published"}, {"hash": "6969ee2bbaaa9fb8616cec003dc8229a", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "4eaa72f613b6dfa46cc4fb77d2146b0a", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:redhat:network_satellite:5.7", "cpe:/a:redhat:spacewalk-java:-"], "assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "edition": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "type": "cve", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).", "title": "CVE-2016-3079", "history": [], "objectVersion": "1.2", "cvelist": ["CVE-2016-3079"], "published": "2016-04-14T10:59:08", "references": ["https://github.com/spacewalkproject/spacewalk/commit/982b11c9", "https://bugzilla.redhat.com/show_bug.cgi?id=1320452", "https://github.com/spacewalkproject/spacewalk/commit/7920542f", "https://bugzilla.redhat.com/show_bug.cgi?id=1320444", "https://github.com/spacewalkproject/spacewalk/commit/7b9ff9ad", "https://bugzilla.redhat.com/show_bug.cgi?id=1320940", "https://github.com/spacewalkproject/spacewalk/commit/b6491eba", "http://rhn.redhat.com/errata/RHSA-2016-0590.html"], "reporter": "NVD", "scanner": [], "modified": "2016-04-18T14:14:21", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3079"}
{"redhat": [{"lastseen": "2018-12-11T19:41:12", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.3.8-134.el6sat", "arch": "noarch", "packageName": "spacewalk-taskomatic", "packageFilename": "spacewalk-taskomatic-2.3.8-134.el6sat.noarch.rpm", "operator": "lt"}], "description": "Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool.\n\nSecurity Fix(es):\n\n* A cross-site scripting (XSS) flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users. (CVE-2015-0284)\n\n* Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users. (CVE-2016-2103, CVE-2016-3079)\n\n* Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users. (CVE-2016-2104)\n\nRed Hat would like to thank Adam Willard (Raytheon Foreground Security) for reporting CVE-2016-2104. The CVE-2015-0284 and CVE-2016-3079 issues were discovered by Jan Huta\u0159 (Red Hat).", "reporter": "RedHat", "published": "2016-04-04T04:00:00", "type": "redhat", "title": "(RHSA-2016:0590) Moderate: spacewalk-java security update", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0284", "CVE-2016-2103", "CVE-2016-2104", "CVE-2016-3079"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:02:29", "id": "RHSA-2016:0590", "href": "https://access.redhat.com/errata/RHSA-2016:0590", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:23:48", "references": ["https://access.redhat.com/security/cve/cve-2016-2104", "https://access.redhat.com/security/cve/cve-2016-3079", "https://access.redhat.com/security/cve/cve-2016-2103", "https://access.redhat.com/security/cve/cve-2015-0284", "https://access.redhat.com/errata/RHSA-2016:0590"], "pluginID": "90343", "description": "An update for spacewalk-java is now available for Red Hat Satellite\n5.7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Satellite is a system management tool for Linux-based\ninfrastructures. It allows for provisioning, monitoring, and the\nremote management of multiple Linux deployments with a single,\ncentralized tool.\n\nSecurity Fix(es) :\n\n* A cross-site scripting (XSS) flaw was found in how XML data was\nhandled in Red Hat Satellite. A user able to use the XMLRPC API could\nexploit this flaw to perform XSS attacks against other Satellite\nusers. (CVE-2015-0284)\n\n* Multiple cross-site scripting (XSS) flaws were found in the way\ncertain form data was handled in Red Hat Satellite. A user able to\nenter form data could use these flaws to perform XSS attacks against\nother Satellite users. (CVE-2016-2103, CVE-2016-3079)\n\n* Multiple cross-site scripting (XSS) flaws were found in the way HTTP\nGET parameter data was handled in Red Hat Satellite. A user able to\nprovide malicious links to a Satellite user could use these flaws to\nperform XSS attacks against other Satellite users. (CVE-2016-2104)\n\nRed Hat would like to thank Adam Willard (Raytheon Foreground\nSecurity) for reporting CVE-2016-2104. The CVE-2015-0284 and\nCVE-2016-3079 issues were discovered by Jan Hutar (Red Hat).", "edition": 10, "reporter": "Tenable", "published": "2016-04-05T00:00:00", "title": "RHEL 6 : postgresql92 in Satellite Server (RHSA-2016:0590)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2103", "CVE-2015-0284", "CVE-2016-3079", "CVE-2016-2104"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:spacewalk-java-oracle", "p-cpe:/a:redhat:enterprise_linux:spacewalk-java-lib", "p-cpe:/a:redhat:enterprise_linux:spacewalk-java-config", "p-cpe:/a:redhat:enterprise_linux:spacewalk-taskomatic", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:spacewalk-java-postgresql", "p-cpe:/a:redhat:enterprise_linux:spacewalk-java"], "id": "REDHAT-RHSA-2016-0590.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=90343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0590. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90343);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:55\");\n\n script_cve_id(\"CVE-2015-0284\", \"CVE-2016-2103\", \"CVE-2016-2104\", \"CVE-2016-3079\");\n script_xref(name:\"RHSA\", value:\"2016:0590\");\n\n script_name(english:\"RHEL 6 : postgresql92 in Satellite Server (RHSA-2016:0590)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for spacewalk-java is now available for Red Hat Satellite\n5.7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat Satellite is a system management tool for Linux-based\ninfrastructures. It allows for provisioning, monitoring, and the\nremote management of multiple Linux deployments with a single,\ncentralized tool.\n\nSecurity Fix(es) :\n\n* A cross-site scripting (XSS) flaw was found in how XML data was\nhandled in Red Hat Satellite. A user able to use the XMLRPC API could\nexploit this flaw to perform XSS attacks against other Satellite\nusers. (CVE-2015-0284)\n\n* Multiple cross-site scripting (XSS) flaws were found in the way\ncertain form data was handled in Red Hat Satellite. A user able to\nenter form data could use these flaws to perform XSS attacks against\nother Satellite users. (CVE-2016-2103, CVE-2016-3079)\n\n* Multiple cross-site scripting (XSS) flaws were found in the way HTTP\nGET parameter data was handled in Red Hat Satellite. A user able to\nprovide malicious links to a Satellite user could use these flaws to\nperform XSS attacks against other Satellite users. (CVE-2016-2104)\n\nRed Hat would like to thank Adam Willard (Raytheon Foreground\nSecurity) for reporting CVE-2016-2104. The CVE-2015-0284 and\nCVE-2016-3079 issues were discovered by Jan Hutar (Red Hat).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2103\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spacewalk-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spacewalk-java-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spacewalk-java-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spacewalk-java-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spacewalk-java-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spacewalk-taskomatic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0590\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"rhn-satellite\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL6\", reference:\"spacewalk-java-2.3.8-134.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spacewalk-java-config-2.3.8-134.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spacewalk-java-lib-2.3.8-134.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spacewalk-java-oracle-2.3.8-134.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spacewalk-java-postgresql-2.3.8-134.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"spacewalk-taskomatic-2.3.8-134.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spacewalk-java / spacewalk-java-config / spacewalk-java-lib / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
