This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
An update for spacewalk-java is now available for Red Hat Satellite
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Red Hat Satellite is a system management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and the
remote management of multiple Linux deployments with a single,
Security Fix(es) :
* A cross-site scripting (XSS) flaw was found in how XML data was
handled in Red Hat Satellite. A user able to use the XMLRPC API could
exploit this flaw to perform XSS attacks against other Satellite
* Multiple cross-site scripting (XSS) flaws were found in the way
certain form data was handled in Red Hat Satellite. A user able to
enter form data could use these flaws to perform XSS attacks against
other Satellite users. (CVE-2016-2103, CVE-2016-3079)
* Multiple cross-site scripting (XSS) flaws were found in the way HTTP
GET parameter data was handled in Red Hat Satellite. A user able to
provide malicious links to a Satellite user could use these flaws to
perform XSS attacks against other Satellite users. (CVE-2016-2104)
Red Hat would like to thank Adam Willard (Raytheon Foreground
Security) for reporting CVE-2016-2104. The CVE-2015-0284 and
CVE-2016-3079 issues were discovered by Jan Hutar (Red Hat).
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true