What is the severity of CVE-2012-6149?

CVE-2012-6149 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.

How do I fix CVE-2012-6149?

To fix CVE-2012-6149, update to a patched version of Red Hat Satellite or Spacewalk that addresses the XSS vulnerabilities.

What systems are affected by CVE-2012-6149?

CVE-2012-6149 affects Red Hat Satellite 5.6 and Spacewalk Java 2.0.2 versions lower than 57.

What type of vulnerability is CVE-2012-6149?

CVE-2012-6149 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary web scripts.

Can CVE-2012-6149 be exploited remotely?

Yes, CVE-2012-6149 can be exploited remotely by attackers through malicious input in system.addNote XML-RPC calls.

Vulnerability/
CVE-2012-6149

low

3.5

CWE

29/11/2012

14/2/2014

6/8/2024

CVE-2012-6149: XSS

First published: Thu Nov 29 2012(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/spacewalk-java-2.0.2	<57	57
Red Hat Satellite	=5.6
Red Hat Satellite	=5.6
Red Hat Spacewalk	=2.0.2-57

Remedy

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

Remedy

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-6149?
CVE-2012-6149 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2012-6149?
To fix CVE-2012-6149, update to a patched version of Red Hat Satellite or Spacewalk that addresses the XSS vulnerabilities.
What systems are affected by CVE-2012-6149?
CVE-2012-6149 affects Red Hat Satellite 5.6 and Spacewalk Java 2.0.2 versions lower than 57.
What type of vulnerability is CVE-2012-6149?
CVE-2012-6149 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary web scripts.
Can CVE-2012-6149 be exploited remotely?
Yes, CVE-2012-6149 can be exploited remotely by attackers through malicious input in system.addNote XML-RPC calls.

agent/type
agent/first-publish-date
agent/remedy
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/references
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-6149
agent/software-canonical-lookup
agent/description
agent/event
agent/trending
agent/weakness
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/redhat
canonical/red hat satellite
version/red hat satellite/5.6
canonical/red hat spacewalk
version/red hat spacewalk/2.0.2-57

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.