CVE-2014-2398
First published: Fri Apr 11 2014(Updated: )
It was discovered that the fix for <a href="https://access.redhat.com/security/cve/CVE-2013-5797">CVE-2013-5797</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)" href="show_bug.cgi?id=1018720">bug 1018720</a>) did not properly with the issue in the way javadoc (Java API Documentation Generator) created a JavaScript code used to set browser window title when navigating between pages of the generated API documentation. An input from user was not properly escaped before being used as part of the JavaScript string. A specially crafted input could "break out" of the JS string and execute arbitrary JavaScript in the context of the domain that hosts generated API documentation, allowing a Cross-Site Scripting attacks. The original fix for the issue added escaping of quotes and non-ASCII characters, but it failed to escape HTML special characters < and >. Acknowledgement: This issue was discovered by the Red Hat Security Response Team.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <1.13.3 | 1.13.3 |
| redhat/icedtea | <2.4.7 | 2.4.7 |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 | |
| Canonical Ubuntu Linux | =13.10 | |
| Canonical Ubuntu Linux | =14.04 | |
| Oracle Javafx | =2.2.51 | |
| Oracle JDK | =1.5.0-update61 | |
| Oracle JDK | =1.6.0-update71 | |
| Oracle JDK | =1.7.0-update51 | |
| Oracle JDK | =1.8.0 | |
| Oracle JRE | =1.5.0-update61 | |
| Oracle JRE | =1.6.0-update71 | |
| Oracle JRE | =1.7.0-update51 | |
| Oracle JRE | =1.8.0 | |
| Oracle JRockit | =r27.8.1 | |
| Oracle JRockit | =r28.3.1 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| IBM Forms Viewer | >=4.0.0<4.0.0.3 | |
| IBM Forms Viewer | >=8.0.0<8.0.1.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2014-0675.html
- http://rhn.redhat.com/errata/RHSA-2014-0685.html
- http://secunia.com/advisories/58415
- http://secunia.com/advisories/59058
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21672080
- http://www-01.ibm.com/support/docview.wss?uid=swg21676746
- http://www.debian.org/security/2014/dsa-2912
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/bid/66920
- http://www.ubuntu.com/usn/USN-2187-1
- http://www.ubuntu.com/usn/USN-2191-1
- https://access.redhat.com/errata/RHSA-2014:0413
- https://access.redhat.com/errata/RHSA-2014:0414
- https://access.redhat.com/security/cve/CVE-2013-5797
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1018720
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027214.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-April/027222.html
- https://rhn.redhat.com/errata/RHSA-2014-0407.html
- https://rhn.redhat.com/errata/RHSA-2014-0406.html
- https://rhn.redhat.com/errata/RHSA-2014-0408.html
- https://rhn.redhat.com/errata/RHSA-2014-0413.html
- https://rhn.redhat.com/errata/RHSA-2014-0412.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/langtools/rev/bd5898d93742
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
- https://rhn.redhat.com/errata/RHSA-2014-0486.html
- https://rhn.redhat.com/errata/RHSA-2014-0508.html
- https://rhn.redhat.com/errata/RHSA-2014-0509.html
- https://rhn.redhat.com/errata/RHSA-2014-0675.html
- https://rhn.redhat.com/errata/RHSA-2014-0685.html
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://rhn.redhat.com/errata/RHSA-2014-0982.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1086632
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-2398
- agent/software-canonical-lookup
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10
- version/canonical ubuntu linux/13.10
- version/canonical ubuntu linux/14.04
- vendor/oracle
- canonical/oracle javafx
- version/oracle javafx/2.2.51
- canonical/oracle jdk
- version/oracle jdk/1.5.0-update61
- version/oracle jdk/1.6.0-update71
- version/oracle jdk/1.7.0-update51
- version/oracle jdk/1.8.0
- canonical/oracle jre
- version/oracle jre/1.5.0-update61
- version/oracle jre/1.6.0-update71
- version/oracle jre/1.7.0-update51
- version/oracle jre/1.8.0
- canonical/oracle jrockit
- version/oracle jrockit/r27.8.1
- version/oracle jrockit/r28.3.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/6.0
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- vendor/ibm
- canonical/ibm forms viewer
- version/ibm forms viewer/4.0.0
- version/ibm forms viewer/8.0.0
- vendor/microsoft
- canonical/microsoft windows
- package-manager/redhat