PT-2014-2509 · Red Hat · Spacewalk-Java+1

Ryan Giobbi · Published 2014-04-01 · Updated 2022-02-03 · CVE-2013-1869

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

spacewalk-java versions prior to 2.1.148-1
Red Hat Network (RHN) Satellite version 5.6

Description

The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks via the return_url parameter.

Recommendations

For spacewalk-java versions prior to 2.1.148-1, update to version 2.1.148-1 or later. For Red Hat Network (RHN) Satellite version 5.6, consider restricting access to the vulnerable parameter return_url until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-1869
RHSA-2014:0148

Affected Products

Red Hat Network Satellite
Spacewalk-Java