Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2013-1869
Last Modified 01 Apr 2014 10:46:27
Published 01 Apr 2014 02:35:52
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1869

Summary

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

Vulnerable Systems

Application

  • Redhat Network Satellite 5.6

  • Redhat Spacewalk-java 2.1.147-1


References

SUSE - SUSE-SU-2014:0222

CONFIRM - https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=923464

SECUNIA - 56952

REDHAT - RHSA-2014:0148


Last Updated: 27 May 2016 11:04:49