Improper input validation in Redhat Satellite

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) at…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (62.1th percentile) — read the EPSS interpretation.

Affected products

Redhat Satellite — versions 5.6
Redhat Spacewalk-java
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secalert@redhat.com (x_refsource_CONFIRM)
56952 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2014:0148 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
SUSE-SU-2014:0222 (vendor-advisory, x_refsource_SUSE)