(RHSA-2014:1184) Important: spacewalk-java security update

ID RHSA-2014:1184
Type redhat
Reporter RedHat
Modified 2018-06-07T09:02:30


Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site.

A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file. (CVE-2014-3595)

Red Hat would like to thank Ron Bowes of Google for reporting this issue.

All spacewalk-java users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
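The flaw class described above is closed by encoding log content at the point where it is written into the page. The following is an added example, not the backported patch and not spacewalk-java code; the class `LogViewEncoder`, its methods, and the sample log lines are assumptions constructed for illustration.

```java
import java.util.List;

/** Hypothetical helper (not spacewalk-java code): encodes log text for an HTML view. */
public class LogViewEncoder {

    /** Encode one log line so the browser treats it as text, never as markup. */
    static String encodeForHtml(String line) {
        StringBuilder out = new StringBuilder(line.length() + 16);
        for (char c : line.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:
                    // Replace control characters (except tab) that a request could carry into the log.
                    out.append(c < 0x20 && c != '\t' ? '\uFFFD' : c);
            }
        }
        return out.toString();
    }

    /** Before: log lines concatenated into the page verbatim (the stored XSS pattern). */
    static String renderUnsafe(List<String> lines) {
        return "<pre>" + String.join("\n", lines) + "</pre>";
    }

    /** After: every line is encoded at output time, whatever the log contains. */
    static String renderSafe(List<String> lines) {
        StringBuilder html = new StringBuilder("<pre>");
        for (String line : lines) {
            html.append(encodeForHtml(line)).append('\n');
        }
        return html.append("</pre>").toString();
    }

    public static void main(String[] args) {
        // Constructed sample log lines; the second carries markup taken from a request.
        List<String> log = List.of(
            "2014-09-11 10:02:11 INFO  login ok user=admin",
            "2014-09-11 10:02:15 WARN  bad request path=/rhn/<b>injected</b>");
        System.out.println(renderUnsafe(log)); // markup reaches the browser intact
        System.out.println(renderSafe(log));   // markup arrives as &lt;b&gt;injected&lt;/b&gt;
    }
}
```

Encoding at output time rather than when the log is written keeps the log file itself unmodified for forensics and still protects any viewer page that renders it.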