Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2013-1869
Vulnerability from cvelistv5
Published
2014-04-01 01:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:36.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"name": "56952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56952"
},
{
"name": "RHSA-2014:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"name": "SUSE-SU-2014:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"name": "56952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56952"
},
{
"name": "RHSA-2014:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"name": "SUSE-SU-2014:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=923464",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"name": "56952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56952"
},
{
"name": "RHSA-2014:0148",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"name": "SUSE-SU-2014:0222",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1869",
"datePublished": "2014-04-01T01:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:36.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4840254-CC76-4113-BC61-360BD15582B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:spacewalk-java:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.1.147-1\", \"matchCriteriaId\": \"BF0E732F-CA6D-4AE5-AC20-46DB629B1C95\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n CRLF en spacewalk-java anterior a 2.1.148-1 y el sat\\u00e9lite de Red Hat Network (RHN) 5.6 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias, y realizar ataques de divisi\\u00f3n de respuestas HTTP y ataques de XSS, a trav\\u00e9s del par\\u00e1metro return_url.\"}]",
"id": "CVE-2013-1869",
"lastModified": "2024-11-21T01:50:33.757",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2014-04-01T06:35:52.687",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0148.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/56952\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=923464\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0148.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/56952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=923464\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-1869\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-04-01T06:35:52.687\",\"lastModified\":\"2024-11-21T01:50:33.757\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n CRLF en spacewalk-java anterior a 2.1.148-1 y el sat\u00e9lite de Red Hat Network (RHN) 5.6 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias, y realizar ataques de divisi\u00f3n de respuestas HTTP y ataques de XSS, a trav\u00e9s del par\u00e1metro return_url.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4840254-CC76-4113-BC61-360BD15582B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:spacewalk-java:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.147-1\",\"matchCriteriaId\":\"BF0E732F-CA6D-4AE5-AC20-46DB629B1C95\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0148.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/56952\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=923464\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0148.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/56952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=923464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
cve-2013-1869
Vulnerability from fkie_nvd
Published
2014-04-01 06:35
Modified
2024-11-21 01:50
Severity ?
Summary
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | satellite | 5.6 | |
| redhat | spacewalk-java | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:spacewalk-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0E732F-CA6D-4AE5-AC20-46DB629B1C95",
"versionEndIncluding": "2.1.147-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en spacewalk-java anterior a 2.1.148-1 y el sat\u00e9lite de Red Hat Network (RHN) 5.6 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias, y realizar ataques de divisi\u00f3n de respuestas HTTP y ataques de XSS, a trav\u00e9s del par\u00e1metro return_url."
}
],
"id": "CVE-2013-1869",
"lastModified": "2024-11-21T01:50:33.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-01T06:35:52.687",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56952"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2013-1869
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-1869",
"description": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
"id": "GSD-2013-1869",
"references": [
"https://www.suse.com/security/cve/CVE-2013-1869.html",
"https://access.redhat.com/errata/RHSA-2014:0148"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-1869"
],
"details": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
"id": "GSD-2013-1869",
"modified": "2023-12-13T01:22:21.160153Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=923464",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"name": "56952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56952"
},
{
"name": "RHSA-2014:0148",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"name": "SUSE-SU-2014:0222",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:spacewalk-java:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.147-1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1869"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56952",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56952"
},
{
"name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"name": "SUSE-SU-2014:0222",
"refsource": "SUSE",
"tags": [],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=923464",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"name": "RHSA-2014:0148",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2022-02-03T16:26Z",
"publishedDate": "2014-04-01T06:35Z"
}
}
}
rhsa-2014_0148
Vulnerability from csaf_redhat
Published
2014-02-10 17:29
Modified
2024-11-22 07:25
Summary
Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update
Notes
Topic
Updated spacewalk-java, spacewalk-web, and satellite-branding packages that
fix multiple security issues are now available for Red Hat Satellite 5.6.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, remote management and
monitoring of multiple Linux deployments with a single, centralized tool.
A cross-site scripting (XSS) flaw was found in the way the Red Hat
Satellite web interface performed sanitization of notes for registered
systems. A remote authenticated Red Hat Satellite user could create a
malicious note that, when viewed by a victim, could execute arbitrary web
script with the privileges of the user viewing that note. (CVE-2012-6149)
Multiple cross-site scripting (XSS) flaws were found in the Red Hat
Satellite web interface. A remote attacker could provide a specially
crafted link that, when visited by an authenticated Red Hat Satellite user,
would lead to arbitrary web script execution in the context of the user's
web interface session. (CVE-2013-1871, CVE-2013-4415)
An HTTP header injection flaw was found in the way the Red Hat Satellite
web interface processed the return URL parameter for all HTTP GET requests.
A remote attacker could use this flaw to conduct cross-site scripting (XSS)
and HTTP response splitting attacks against users visiting the site.
(CVE-2013-1869)
Red Hat would like to thank Ben Ford of Puppet Labs for reporting
CVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and
CVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground
Security for reporting CVE-2013-4415.
Users of Red Hat Satellite 5.6 are advised to upgrade to these updated
packages, which resolve these issues. For this update to take effect, Red
Hat Satellite must be restarted. Refer to the Solution section for details.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated spacewalk-java, spacewalk-web, and satellite-branding packages that\nfix multiple security issues are now available for Red Hat Satellite 5.6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructures. It allows for provisioning, remote management and\nmonitoring of multiple Linux deployments with a single, centralized tool.\n\nA cross-site scripting (XSS) flaw was found in the way the Red Hat\nSatellite web interface performed sanitization of notes for registered\nsystems. A remote authenticated Red Hat Satellite user could create a\nmalicious note that, when viewed by a victim, could execute arbitrary web\nscript with the privileges of the user viewing that note. (CVE-2012-6149)\n\nMultiple cross-site scripting (XSS) flaws were found in the Red Hat\nSatellite web interface. A remote attacker could provide a specially\ncrafted link that, when visited by an authenticated Red Hat Satellite user,\nwould lead to arbitrary web script execution in the context of the user\u0027s\nweb interface session. (CVE-2013-1871, CVE-2013-4415)\n\nAn HTTP header injection flaw was found in the way the Red Hat Satellite\nweb interface processed the return URL parameter for all HTTP GET requests.\nA remote attacker could use this flaw to conduct cross-site scripting (XSS)\nand HTTP response splitting attacks against users visiting the site.\n(CVE-2013-1869)\n\nRed Hat would like to thank Ben Ford of Puppet Labs for reporting\nCVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and\nCVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground\nSecurity for reporting CVE-2013-4415.\n\nUsers of Red Hat Satellite 5.6 are advised to upgrade to these updated\npackages, which resolve these issues. For this update to take effect, Red\nHat Satellite must be restarted. Refer to the Solution section for details.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0148",
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "882000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
},
{
"category": "external",
"summary": "923464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"category": "external",
"summary": "923467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
},
{
"category": "external",
"summary": "979452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0148.json"
}
],
"title": "Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update",
"tracking": {
"current_release_date": "2024-11-22T07:25:10+00:00",
"generator": {
"date": "2024-11-22T07:25:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0148",
"initial_release_date": "2014-02-10T17:29:31+00:00",
"revision_history": [
{
"date": "2014-02-10T17:29:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-02-10T17:29:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:25:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product_id": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product_id": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product_id": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product_id": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product_id": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product_id": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product_id": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product_id": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ben Ford"
],
"organization": "Puppet Labs"
}
],
"cve": "CVE-2012-6149",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2012-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "882000"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note\u0027s subject and content",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-6149"
},
{
"category": "external",
"summary": "RHBZ#882000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-6149",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note\u0027s subject and content"
},
{
"acknowledgments": [
{
"names": [
"Ryan Giobbi"
],
"organization": "UPMC"
}
],
"cve": "CVE-2013-1869",
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "923464"
}
],
"notes": [
{
"category": "description",
"text": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Spacewalk: header injection flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1869"
},
{
"category": "external",
"summary": "RHBZ#923464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1869",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Satellite/Spacewalk: header injection flaw"
},
{
"acknowledgments": [
{
"names": [
"Ryan Giobbi"
],
"organization": "UPMC"
}
],
"cve": "CVE-2013-1871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "923467"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Spacewalk: XSS in EditAddress page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1871"
},
{
"category": "external",
"summary": "RHBZ#923467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1871",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Satellite/Spacewalk: XSS in EditAddress page"
},
{
"acknowledgments": [
{
"names": [
"Adam Willard"
]
},
{
"names": [
"Jose Carlos de Arriba"
],
"organization": "Foreground Security"
}
],
"cve": "CVE-2013-4415",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "979452"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4415"
},
{
"category": "external",
"summary": "RHBZ#979452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)"
}
]
}
rhsa-2014:0148
Vulnerability from csaf_redhat
Published
2014-02-10 17:29
Modified
2024-11-22 07:25
Summary
Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update
Notes
Topic
Updated spacewalk-java, spacewalk-web, and satellite-branding packages that
fix multiple security issues are now available for Red Hat Satellite 5.6.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, remote management and
monitoring of multiple Linux deployments with a single, centralized tool.
A cross-site scripting (XSS) flaw was found in the way the Red Hat
Satellite web interface performed sanitization of notes for registered
systems. A remote authenticated Red Hat Satellite user could create a
malicious note that, when viewed by a victim, could execute arbitrary web
script with the privileges of the user viewing that note. (CVE-2012-6149)
Multiple cross-site scripting (XSS) flaws were found in the Red Hat
Satellite web interface. A remote attacker could provide a specially
crafted link that, when visited by an authenticated Red Hat Satellite user,
would lead to arbitrary web script execution in the context of the user's
web interface session. (CVE-2013-1871, CVE-2013-4415)
An HTTP header injection flaw was found in the way the Red Hat Satellite
web interface processed the return URL parameter for all HTTP GET requests.
A remote attacker could use this flaw to conduct cross-site scripting (XSS)
and HTTP response splitting attacks against users visiting the site.
(CVE-2013-1869)
Red Hat would like to thank Ben Ford of Puppet Labs for reporting
CVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and
CVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground
Security for reporting CVE-2013-4415.
Users of Red Hat Satellite 5.6 are advised to upgrade to these updated
packages, which resolve these issues. For this update to take effect, Red
Hat Satellite must be restarted. Refer to the Solution section for details.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated spacewalk-java, spacewalk-web, and satellite-branding packages that\nfix multiple security issues are now available for Red Hat Satellite 5.6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructures. It allows for provisioning, remote management and\nmonitoring of multiple Linux deployments with a single, centralized tool.\n\nA cross-site scripting (XSS) flaw was found in the way the Red Hat\nSatellite web interface performed sanitization of notes for registered\nsystems. A remote authenticated Red Hat Satellite user could create a\nmalicious note that, when viewed by a victim, could execute arbitrary web\nscript with the privileges of the user viewing that note. (CVE-2012-6149)\n\nMultiple cross-site scripting (XSS) flaws were found in the Red Hat\nSatellite web interface. A remote attacker could provide a specially\ncrafted link that, when visited by an authenticated Red Hat Satellite user,\nwould lead to arbitrary web script execution in the context of the user\u0027s\nweb interface session. (CVE-2013-1871, CVE-2013-4415)\n\nAn HTTP header injection flaw was found in the way the Red Hat Satellite\nweb interface processed the return URL parameter for all HTTP GET requests.\nA remote attacker could use this flaw to conduct cross-site scripting (XSS)\nand HTTP response splitting attacks against users visiting the site.\n(CVE-2013-1869)\n\nRed Hat would like to thank Ben Ford of Puppet Labs for reporting\nCVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and\nCVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground\nSecurity for reporting CVE-2013-4415.\n\nUsers of Red Hat Satellite 5.6 are advised to upgrade to these updated\npackages, which resolve these issues. For this update to take effect, Red\nHat Satellite must be restarted. Refer to the Solution section for details.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0148",
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "882000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
},
{
"category": "external",
"summary": "923464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"category": "external",
"summary": "923467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
},
{
"category": "external",
"summary": "979452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0148.json"
}
],
"title": "Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update",
"tracking": {
"current_release_date": "2024-11-22T07:25:10+00:00",
"generator": {
"date": "2024-11-22T07:25:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0148",
"initial_release_date": "2014-02-10T17:29:31+00:00",
"revision_history": [
{
"date": "2014-02-10T17:29:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-02-10T17:29:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:25:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product_id": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product_id": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product_id": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product_id": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product_id": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product_id": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product_id": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product_id": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ben Ford"
],
"organization": "Puppet Labs"
}
],
"cve": "CVE-2012-6149",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2012-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "882000"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note\u0027s subject and content",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-6149"
},
{
"category": "external",
"summary": "RHBZ#882000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-6149",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note\u0027s subject and content"
},
{
"acknowledgments": [
{
"names": [
"Ryan Giobbi"
],
"organization": "UPMC"
}
],
"cve": "CVE-2013-1869",
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "923464"
}
],
"notes": [
{
"category": "description",
"text": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Spacewalk: header injection flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1869"
},
{
"category": "external",
"summary": "RHBZ#923464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1869",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Satellite/Spacewalk: header injection flaw"
},
{
"acknowledgments": [
{
"names": [
"Ryan Giobbi"
],
"organization": "UPMC"
}
],
"cve": "CVE-2013-1871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "923467"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Spacewalk: XSS in EditAddress page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1871"
},
{
"category": "external",
"summary": "RHBZ#923467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1871",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Satellite/Spacewalk: XSS in EditAddress page"
},
{
"acknowledgments": [
{
"names": [
"Adam Willard"
]
},
{
"names": [
"Jose Carlos de Arriba"
],
"organization": "Foreground Security"
}
],
"cve": "CVE-2013-4415",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "979452"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4415"
},
{
"category": "external",
"summary": "RHBZ#979452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)"
}
]
}
RHSA-2014:0148
Vulnerability from csaf_redhat
Published
2014-02-10 17:29
Modified
2024-11-22 07:25
Summary
Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update
Notes
Topic
Updated spacewalk-java, spacewalk-web, and satellite-branding packages that
fix multiple security issues are now available for Red Hat Satellite 5.6.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, remote management and
monitoring of multiple Linux deployments with a single, centralized tool.
A cross-site scripting (XSS) flaw was found in the way the Red Hat
Satellite web interface performed sanitization of notes for registered
systems. A remote authenticated Red Hat Satellite user could create a
malicious note that, when viewed by a victim, could execute arbitrary web
script with the privileges of the user viewing that note. (CVE-2012-6149)
Multiple cross-site scripting (XSS) flaws were found in the Red Hat
Satellite web interface. A remote attacker could provide a specially
crafted link that, when visited by an authenticated Red Hat Satellite user,
would lead to arbitrary web script execution in the context of the user's
web interface session. (CVE-2013-1871, CVE-2013-4415)
An HTTP header injection flaw was found in the way the Red Hat Satellite
web interface processed the return URL parameter for all HTTP GET requests.
A remote attacker could use this flaw to conduct cross-site scripting (XSS)
and HTTP response splitting attacks against users visiting the site.
(CVE-2013-1869)
Red Hat would like to thank Ben Ford of Puppet Labs for reporting
CVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and
CVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground
Security for reporting CVE-2013-4415.
Users of Red Hat Satellite 5.6 are advised to upgrade to these updated
packages, which resolve these issues. For this update to take effect, Red
Hat Satellite must be restarted. Refer to the Solution section for details.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated spacewalk-java, spacewalk-web, and satellite-branding packages that\nfix multiple security issues are now available for Red Hat Satellite 5.6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructures. It allows for provisioning, remote management and\nmonitoring of multiple Linux deployments with a single, centralized tool.\n\nA cross-site scripting (XSS) flaw was found in the way the Red Hat\nSatellite web interface performed sanitization of notes for registered\nsystems. A remote authenticated Red Hat Satellite user could create a\nmalicious note that, when viewed by a victim, could execute arbitrary web\nscript with the privileges of the user viewing that note. (CVE-2012-6149)\n\nMultiple cross-site scripting (XSS) flaws were found in the Red Hat\nSatellite web interface. A remote attacker could provide a specially\ncrafted link that, when visited by an authenticated Red Hat Satellite user,\nwould lead to arbitrary web script execution in the context of the user\u0027s\nweb interface session. (CVE-2013-1871, CVE-2013-4415)\n\nAn HTTP header injection flaw was found in the way the Red Hat Satellite\nweb interface processed the return URL parameter for all HTTP GET requests.\nA remote attacker could use this flaw to conduct cross-site scripting (XSS)\nand HTTP response splitting attacks against users visiting the site.\n(CVE-2013-1869)\n\nRed Hat would like to thank Ben Ford of Puppet Labs for reporting\nCVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and\nCVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground\nSecurity for reporting CVE-2013-4415.\n\nUsers of Red Hat Satellite 5.6 are advised to upgrade to these updated\npackages, which resolve these issues. For this update to take effect, Red\nHat Satellite must be restarted. Refer to the Solution section for details.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0148",
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "882000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
},
{
"category": "external",
"summary": "923464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"category": "external",
"summary": "923467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
},
{
"category": "external",
"summary": "979452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0148.json"
}
],
"title": "Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update",
"tracking": {
"current_release_date": "2024-11-22T07:25:10+00:00",
"generator": {
"date": "2024-11-22T07:25:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0148",
"initial_release_date": "2014-02-10T17:29:31+00:00",
"revision_history": [
{
"date": "2014-02-10T17:29:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-02-10T17:29:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:25:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product": {
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product": {
"name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product_id": "spacewalk-web-0:2.0.3-19.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product_id": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product_id": "spacewalk-java-0:2.0.2-58.el5sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product_id": "spacewalk-web-0:2.0.3-19.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product_id": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product_id": "spacewalk-java-0:2.0.2-58.el6sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product_id": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product_id": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el5sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product_id": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el6sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product_id": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
"product_id": "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
"relates_to_product_reference": "5Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
"product_id": "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
"relates_to_product_reference": "5Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
"product_id": "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
"relates_to_product_reference": "6Server-ManagedDB56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-branding-0:5.6.0.23-1.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src"
},
"product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-0:2.0.2-58.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src"
},
"product_reference": "spacewalk-java-0:2.0.2-58.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
},
"product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch"
},
"product_reference": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"relates_to_product_reference": "6Server-Satellite56"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
"product_id": "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
},
"product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
"relates_to_product_reference": "6Server-Satellite56"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ben Ford"
],
"organization": "Puppet Labs"
}
],
"cve": "CVE-2012-6149",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2012-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "882000"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note\u0027s subject and content",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-6149"
},
{
"category": "external",
"summary": "RHBZ#882000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-6149",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note\u0027s subject and content"
},
{
"acknowledgments": [
{
"names": [
"Ryan Giobbi"
],
"organization": "UPMC"
}
],
"cve": "CVE-2013-1869",
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "923464"
}
],
"notes": [
{
"category": "description",
"text": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Spacewalk: header injection flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1869"
},
{
"category": "external",
"summary": "RHBZ#923464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1869",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Satellite/Spacewalk: header injection flaw"
},
{
"acknowledgments": [
{
"names": [
"Ryan Giobbi"
],
"organization": "UPMC"
}
],
"cve": "CVE-2013-1871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "923467"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Spacewalk: XSS in EditAddress page",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1871"
},
{
"category": "external",
"summary": "RHBZ#923467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1871",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Satellite/Spacewalk: XSS in EditAddress page"
},
{
"acknowledgments": [
{
"names": [
"Adam Willard"
]
},
{
"names": [
"Jose Carlos de Arriba"
],
"organization": "Foreground Security"
}
],
"cve": "CVE-2013-4415",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2013-06-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "979452"
}
],
"notes": [
{
"category": "description",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-4415"
},
{
"category": "external",
"summary": "RHBZ#979452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415"
}
],
"release_date": "2014-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-02-10T17:29:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
"product_ids": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0148"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
"5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
"5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
"5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
"5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
"5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
"6Server-ManagedDB56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
"6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
"6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
"6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
"6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
"6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)"
}
]
}
ghsa-9c7m-xg64-cvv7
Vulnerability from github
Published
2022-05-13 01:04
Modified
2022-05-13 01:04
Details
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
{
"affected": [],
"aliases": [
"CVE-2013-1869"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-01T06:35:00Z",
"severity": "MODERATE"
},
"details": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
"id": "GHSA-9c7m-xg64-cvv7",
"modified": "2022-05-13T01:04:02Z",
"published": "2022-05-13T01:04:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
},
{
"type": "WEB",
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"type": "WEB",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/56952"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.