RHEL 6 : spacewalk-java (RHSA-2016:0590)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for spacewalk-java is now available for Red Hat Satellite
5.7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat Satellite is a system management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and the
remote management of multiple Linux deployments with a single,
centralized tool.

Security Fix(es) :

* A cross-site scripting (XSS) flaw was found in how XML data was
handled in Red Hat Satellite. A user able to use the XMLRPC API could
exploit this flaw to perform XSS attacks against other Satellite
users. (CVE-2015-0284)

* Multiple cross-site scripting (XSS) flaws were found in the way
certain form data was handled in Red Hat Satellite. A user able to
enter form data could use these flaws to perform XSS attacks against
other Satellite users. (CVE-2016-2103, CVE-2016-3079)

* Multiple cross-site scripting (XSS) flaws were found in the way HTTP
GET parameter data was handled in Red Hat Satellite. A user able to
provide malicious links to a Satellite user could use these flaws to
perform XSS attacks against other Satellite users. (CVE-2016-2104)

Red Hat would like to thank Adam Willard (Raytheon Foreground
Security) for reporting CVE-2016-2104. The CVE-2015-0284 and
CVE-2016-3079 issues were discovered by Jan Hutar (Red Hat).

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0284.html
https://www.redhat.com/security/data/cve/CVE-2016-2103.html
https://www.redhat.com/security/data/cve/CVE-2016-2104.html
https://www.redhat.com/security/data/cve/CVE-2016-3079.html
http://rhn.redhat.com/errata/RHSA-2016-0590.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 90343

Bugtraq ID:

CVE ID: CVE-2015-0284
CVE-2016-2103
CVE-2016-2104
CVE-2016-3079
