104 matches found

NVD
added 2014/11/03 4:55 p.m. · 13 views

CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)...

4.3 CVSS · 5.7 AI score · 0.00302 EPSS
Exploits 0 · References 5
Prion
added 2014/11/03 4:55 p.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)...

4.3 CVSS · 6 AI score · 0.00302 EPSS
Exploits 0 · References 5 · Affected Software 4
CVE
added 2014/11/03 4:0 p.m. · 63 views

CVE-2014-3654

CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...

4.3 CVSS · 5.7 AI score · 0.00302 EPSS
Exploits 0 · References 5 · Affected Software 3
Positive Technologies
added 2014/11/03 12:0 a.m. · 2 views

PT-2014-5437 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2; Red Hat Network (RHN) Satellite versions 5.5 through 5.6. Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...

4.3 CVSS · 6.3 AI score · 0.00302 EPSS
Exploits 0 · References 6
RedHat Linux
added 2014/10/30 5:11 p.m. · 24 views

Moderate: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk-java packages that fix one security issue are now available for Red Hat Satellite 5.5 and 5.6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

4.3 CVSS · 5.7 AI score · 0.00302 EPSS
Exploits 0 · References 2
Prion
added 2014/09/22 3:55 p.m. · 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging...

4.3 CVSS · 6.1 AI score · 0.00374 EPSS
Exploits 0 · References 5 · Affected Software 4
Cvelist
added 2014/09/22 3:0 p.m. · 31 views

CVE-2014-3595

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging...

5.5 AI score · 0.00374 EPSS
Exploits 0 · References 5
CVE
added 2014/09/22 3:0 p.m. · 65 views

CVE-2014-3595

CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...

4.3 CVSS · 5.7 AI score · 0.00374 EPSS
Exploits 0 · References 5 · Affected Software 3
RedHat Linux
added 2014/09/11 8:16 p.m. · 32 views

Important: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk-java packages that fix one security issue are now available for Red Hat Satellite 5.4, 5.5, and 5.6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

4.3 CVSS · 5.8 AI score · 0.00374 EPSS
Exploits 0 · References 2
NVD
added 2014/04/15 11:55 p.m. · 15 views

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...

6 CVSS · 7.4 AI score · 0.02056 EPSS
Exploits 1 · References 6
Prion
added 2014/04/15 11:55 p.m. · 14 views

Open redirect

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...

6 CVSS · 7.9 AI score · 0.02056 EPSS
Exploits 1 · References 6 · Affected Software 3
Cvelist
added 2014/04/15 6:0 p.m. · 17 views

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...

7.4 AI score · 0.02056 EPSS
Exploits 1 · References 6
CVE
added 2014/04/15 6:0 p.m. · 44 views

CVE-2010-2236

The CVE-2010-2236 issue concerns the monitoring probe display in spacewalk-java (before 2.1.148-1) and RHN Satellite (4.0.0–4.2.0, 5.1.0–5.3.0) and Proxy 5.3.0. It allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...

6 CVSS · 7.6 AI score · 0.02056 EPSS
Exploits 1 · References 6 · Affected Software 3
NVD
added 2014/04/01 6:35 a.m. · 17 views

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...

4.3 CVSS · 6 AI score · 0.00417 EPSS
Exploits 0 · References 5
Prion
added 2014/04/01 6:35 a.m. · 23 views

CRLF injection

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...

4.3 CVSS · 6 AI score · 0.00417 EPSS
Exploits 0 · References 5 · Affected Software 2
Cvelist
added 2014/04/01 1:0 a.m. · 22 views

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...

6 AI score · 0.00417 EPSS
Exploits 0 · References 5
CVE
added 2014/04/01 1:0 a.m. · 58 views

CVE-2013-1869

CVE-2013-1869 affects spacewalk-java before 2.1.148-1 and Red Hat Network Satellite 5.6, allowing remote header injection via the return_url parameter that can enable HTTP response splitting and XSS. Responsible updates are in RHSA-2014:0148 (spacewalk-java, spacewalk-web, satellite-branding); ap...

4.3 CVSS · 6 AI score · 0.00417 EPSS
Exploits 0 · References 5 · Affected Software 2
Tenable Nessus
added 2013/11/13 12:0 a.m. · 24 views

RHEL 5 / 6 : spacewalk-java in Satellite Server (RHSA-2013:1514)

Updated spacewalk-java packages that fix one security issue are now available for Red Hat Satellite 5.3, 5.4, 5.5 and 5.6. The Red Hat Security Response Team has rated this update as having a critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.5 CVSS · 5.6 AI score · 0.00704 EPSS
Exploits 0 · References 3
RedHat Linux
added 2013/11/12 4:13 p.m. · 28 views

Critical: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk-java packages that fix one security issue are now available for Red Hat Satellite 5.3, 5.4, 5.5 and 5.6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

7.5 CVSS · 5.9 AI score · 0.00704 EPSS
Exploits 0 · References 2
Prion
added 2011/07/27 2:55 a.m. · 9 views

Cross site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages aka spacewalk-java 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests...

6.8 CVSS · 7.6 AI score · 0.00104 EPSS
Exploits 0 · References 4 · Affected Software 2