CVE-2014-3497

Опубликовано: 19 июн. 2014

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks (and possibly other impacts) if a user were tricked into clicking on a malicious URL.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenStack Platform 3	openstack-swift	Not affected
Red Hat OpenStack Platform 4	openstack-swift	Not affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	openstack-swift	Fixed	RHSA-2014:0941	24.07.2014
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	python-swiftclient	Fixed	RHSA-2014:0941	24.07.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1110809openstack-swift: XSS in Swift requests through WWW-Authenticate header

EPSS

Процентиль: 63%

0.00445

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-3497

ubuntu

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

CVE-2014-3497

nvd

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

CVE-2014-3497

debian

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 thr ...

GHSA-66vj-393f-hxfv

github

больше 3 лет назад

OpenStack Swift Cross-site Scriping vulnerability

EPSS

Процентиль: 63%

0.00445

Низкий

4.3 Medium

CVSS2