Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1184
HistorySep 11, 2014 - 12:00 a.m.

(RHSA-2014:1184) Important: spacewalk-java security update

2014-09-1100:00:00
access.redhat.com
13

0.002 Low

EPSS

Percentile

59.6%

JSON

Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.
The spacewalk-java packages contain the code for the Java version of the
Spacewalk Web site.

A stored cross-site scripting (XSS) flaw was found in the way
spacewalk-java displayed log files. By sending a specially crafted request
to Satellite, a remote attacker could embed HTML content into the log file,
allowing them to inject malicious content into the web page that is used to
view that log file. (CVE-2014-3595)

Red Hat would like to thank Ron Bowes of Google for reporting this issue.

All spacewalk-java users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchspacewalk-taskomatic< 1.2.39-137.el6satspacewalk-taskomatic-1.2.39-137.el6sat.noarch.rpm
RedHat6noarchspacewalk-java-lib< 1.7.54-129.el6satspacewalk-java-lib-1.7.54-129.el6sat.noarch.rpm
RedHat6noarchspacewalk-java-oracle< 2.0.2-85.el6satspacewalk-java-oracle-2.0.2-85.el6sat.noarch.rpm
RedHat5noarchspacewalk-java-oracle< 2.0.2-85.el5satspacewalk-java-oracle-2.0.2-85.el5sat.noarch.rpm
RedHat6noarchspacewalk-java-config< 1.7.54-129.el6satspacewalk-java-config-1.7.54-129.el6sat.noarch.rpm
RedHat6noarchspacewalk-java< 1.2.39-137.el6satspacewalk-java-1.2.39-137.el6sat.noarch.rpm
RedHat6noarchspacewalk-java-config< 1.2.39-137.el6satspacewalk-java-config-1.2.39-137.el6sat.noarch.rpm
RedHat5noarchspacewalk-taskomatic< 1.2.39-137.el5satspacewalk-taskomatic-1.2.39-137.el5sat.noarch.rpm
RedHat6noarchspacewalk-java< 2.0.2-85.el6satspacewalk-java-2.0.2-85.el6sat.noarch.rpm
RedHat5noarchspacewalk-java-oracle< 1.2.39-137.el5satspacewalk-java-oracle-1.2.39-137.el5sat.noarch.rpm
Rows per page:
1-10 of 381

Related

veracode 1
suse 2
nvd 1
prion 1
cvelist 1
cve 1
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 09:01:03
suse
suse
Security update for spacewalk-java (important)
2014-09-25 19:04:16
Security update for spacewalk-java (important)
2014-10-31 18:05:11
nvd
nvd
CVE-2014-3595
2014-09-22 15:55:07
prion
prion
Cross site scripting
2014-09-22 15:55:00
cvelist
cvelist
CVE-2014-3595
2014-09-22 15:00:00
cve
cve
CVE-2014-3595
2014-09-22 15:55:07

0.002 Low

EPSS

Percentile

59.6%

JSON
Related for RHSA-2014:1184
veracode1suse2nvd1prion1cvelist1cve1