CVE-2013-1869

CWE-20Improper Input Validation5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 38.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Spacewalk-javaRedhat Satellite
Timeline
PublishedApr 1
Latest updateMay 13

Description

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDredhat/spacewalk-java2.1.147-1

Patches

Patch: git.fedorahosted.orgPatch: git.fedorahosted.org

🔴Vulnerability Details

2
GHSA
GHSA-9c7m-xg64-cvv7: CRLF injection vulnerability in spacewalk-java before 22022-05-13
CVEList
CVE-2013-1869: CRLF injection vulnerability in spacewalk-java before 22014-04-01

📋Vendor Advisories

1
Red Hat
Satellite/Spacewalk: header injection flaw2014-02-10

💬Community

1
Bugzilla
CVE-2013-1869 Satellite/Spacewalk: header injection flaw2013-03-19
CVE-2013-1869 (MEDIUM CVSS 4.3) | CRLF injection vulnerability in spa | cvebase.io