CVE-2013-1869

Published: Apr 1, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

Affected (2)

Products: Redhat: Satellite, Spacewalk Java

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 5.6
Redhat Spacewalk Java	Up to 2.1.147-1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://rhn.redhat.com/errata/RHSA-2014-0148.html

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/56952

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=923464

Source: secalert@redhat.com

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

Source: secalert@redhat.com

Patch

https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0148.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/56952

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=923464

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.