Bug 850927 (CVE-2013-1871) - VUL-1: CVE-2013-1871: spacewalk: XSS in EditAddress page
Summary: VUL-1: CVE-2013-1871: spacewalk: XSS in EditAddress page
Status: RESOLVED FIXED
Alias: CVE-2013-1871
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Deadline: 2014-01-31
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp2:55953
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-18 15:48 UTC by Thomas Biege
Modified: 2014-02-11 18:05 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
spacewalk_820005_patch.diff (1.57 KB, patch)
2013-11-18 15:48 UTC, Thomas Biege 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2013-11-18 15:48:02 UTC 
Created attachment 567893 [details]
spacewalk_820005_patch.diff

https://bugzilla.redhat.com/show_bug.cgi?id=923467
Comment 1 Thomas Biege 2013-11-18 15:48:30 UTC 
Vincent Danen 2013-03-19 19:04:34 EDT
Ryan Giobbi from UPMC reported an XSS flaw in the EditAddress.do page:

Request

GET /rhn/account/EditAddress.do?type=M83ab7<script>alert(1)</script>c47ea873a9d&uid=41 HTTP/1.1
Host: host.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Thu, 21 Feb 2013 18:24:04 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: pxt-session-cookie=7053xcace9e6d1158735e6f047ab49e4e509c; Path=/; Secure; HttpOnly
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="e
...[SNIP]...
<h2>
**address type M83ab7<script>alert(1)</script>c47ea873a9d**
Record:
</h2>
...[SNIP]...
Comment 3 Swamp Workflow Management 2013-11-18 23:00:21 UTC 
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2014-01-17 12:36:47 UTC 
The SWAMPID for this issue is 55894.
This issue was rated as moderate.
Please submit fixed packages until 2014-01-31.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 9 Alexander Bergmann 2014-02-10 17:37:05 UTC 
Public now.
Comment 10 Marcus Meissner 2014-02-11 12:01:17 UTC 
released
Comment 11 Swamp Workflow Management 2014-02-11 14:55:29 UTC 
Update released for: spacewalk-backend, spacewalk-backend-app, spacewalk-backend-applet, spacewalk-backend-config-files, spacewalk-backend-config-files-common, spacewalk-backend-config-files-tool, spacewalk-backend-iss, spacewalk-backend-iss-export, spacewalk-backend-libs, spacewalk-backend-package-push-server, spacewalk-backend-server, spacewalk-backend-sql, spacewalk-backend-sql-oracle, spacewalk-backend-sql-postgresql, spacewalk-backend-tools, spacewalk-backend-xml-export-libs, spacewalk-backend-xmlrpc, spacewalk-backend-xp, spacewalk-base, spacewalk-base-minimal, spacewalk-branding, spacewalk-certs-tools, spacewalk-dobby, spacewalk-grail, spacewalk-html, spacewalk-java, spacewalk-java-config, spacewalk-java-lib, spacewalk-java-oracle, spacewalk-java-postgresql, spacewalk-java-tests, spacewalk-pxt, spacewalk-search, spacewalk-sniglets, spacewalk-taskomatic, spacewalk-utils, spacewalk-web, susemanager, susemanager-tools
Products:
SUSE-MANAGER 1.7 (x86_64)
Comment 12 Swamp Workflow Management 2014-02-11 18:05:50 UTC 
SUSE-SU-2014:0222-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 834415,846356,850925,850927,850928,850929,850930,853913,854090,858197,858652
CVE References: CVE-2010-2236,CVE-2012-6149,CVE-2013-1869,CVE-2013-1871,CVE-2013-4415
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src):    spacewalk-backend-1.7.38.31-0.5.1, spacewalk-branding-1.7.1.11-0.5.1, spacewalk-certs-tools-1.7.3.11-0.5.1, spacewalk-java-1.7.54.30-0.5.1, spacewalk-search-1.7.3.12-0.5.1, spacewalk-utils-1.7.15.12-0.5.3, spacewalk-web-1.7.28.20-0.5.1, susemanager-1.7.27-0.5.2