CVE-2013-1869

Red Hat Satellite and Spacewalk Java < 2.1.147-1 - CRLF Injection via Return URL Parameter

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

References (5)

Core 5
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=923464
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56952
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0148.html

Scores

EPSS 0.0185
EPSS Percentile 76.6%

Details

CWE
CWE-20
Status published
Products (2)
redhat/satellite 5.6
redhat/spacewalk-java < 2.1.147-1
Published Apr 01, 2014
Tracked Since Feb 18, 2026