SNS Vulnerability

Red Hat Spacewalk Two Cross-Site Scripting Vulnerabilities Fixed by 2.3.8-133

Description

(:Two cross-site scripting vulnerabilities have been identified in Red Hat Spacewalk.:An authenticated remote attacker can exploit it in order to execute arbitrary Javascript or HTML code by inciting their victim into following a specially formed link.::Vulnerabilities are located in "/rhn/systems/SystemEntitlements.do", and in the "label" parameter of the "/rhn/admin/multiorg/EntitlementDetails.do" page.::A proof of concept is available.)

Vulnerable Products

Vulnerable Software:
Spacewalk (Red Hat) - 0.6, 0.7, 0.8, 1.0, 1.1, ..., 2.0, 2.1, 2.2, 2.3, 2.3.124

Solution

Version 2.3.8-133 of Spacewalk fixes these vulnerabilities.

CVE

CVE-2016-3079

References

- Red Hat Bug 1320444 : (CVE-2016-3079) XSS on pages for entitlements management
https://bugzilla.redhat.com/show_bug.cgi?id=1320444

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Low

Vulnerability First Public Report Date

2016-03-23

Target Type

Server

Possible exploit

Remote