CVE-2011-4346: XSS
First published: Wed Sep 28 2011(Updated: )
A cross-site scripting (XSS) flaw was found in the way the 'System Details' => 'Details' => 'Custom Info' page of the Red Hat Network Satellite web interface sanitized value (the Description field) of the asset tag / key, assigned to the particular system, created via 'Custom System Info' page. An authenticated Red Hat Network Satellite user could use this flaw to execute arbitrary HTML or web script code via specially-crafted value for the asset 'Custom System Info' key. Acknowledgements: Red Hat would like to thank William Hoffmann for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/spacewalk-web | <0:1.2.7-21.el5 | 0:1.2.7-21.el5 |
| Red Hat Satellite | =5.4.1 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/47162
- http://www.redhat.com/support/errata/RHSA-2011-1794.html
- http://www.securitytracker.com/id?1026391
- https://bugzilla.redhat.com/show_bug.cgi?id=742050
- http://www.securityfocus.com/bid/50963
- https://www.cve.org/CVERecord?id=CVE-2011-4346 https://nvd.nist.gov/vuln/detail/CVE-2011-4346
- https://access.redhat.com/errata/RHSA-2011:1794
- https://access.redhat.com/security/cve/CVE-2011-4346
- https://rhn.redhat.com/errata/RHSA-2011-1794.html
Frequently Asked Questions
What is the severity of CVE-2011-4346?
CVE-2011-4346 is classified as a medium severity vulnerability due to its potential impact on web application security through cross-site scripting.
How do I fix CVE-2011-4346?
To fix CVE-2011-4346, upgrade to the secure version of the spacewalk-web package, specifically 0:1.2.7-21.el5, or apply any recommended patches from Red Hat.
What is the main impact of CVE-2011-4346?
The main impact of CVE-2011-4346 is that it allows attackers to exploit a cross-site scripting vulnerability on the Red Hat Network Satellite web interface.
Which versions of Red Hat Satellite are affected by CVE-2011-4346?
CVE-2011-4346 affects the Red Hat Satellite version 5.4.1 and certain older versions of the spacewalk-web package.
Is Red Hat Enterprise Linux vulnerable to CVE-2011-4346?
Red Hat Enterprise Linux versions 5.0 and 6.0 are not vulnerable to CVE-2011-4346, but specific components like the satellite server are impacted.
- collector/nvd-historical
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4346
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat satellite
- version/red hat satellite/5.4.1
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- version/red hat enterprise linux/6.0