{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated spacewalk-java, spacewalk-web, and satellite-branding packages that\nfix multiple security issues are now available for Red Hat Satellite 5.6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructures. It allows for provisioning, remote management and\nmonitoring of multiple Linux deployments with a single, centralized tool.\n\nA cross-site scripting (XSS) flaw was found in the way the Red Hat\nSatellite web interface performed sanitization of notes for registered\nsystems. A remote authenticated Red Hat Satellite user could create a\nmalicious note that, when viewed by a victim, could execute arbitrary web\nscript with the privileges of the user viewing that note. (CVE-2012-6149)\n\nMultiple cross-site scripting (XSS) flaws were found in the Red Hat\nSatellite web interface. A remote attacker could provide a specially\ncrafted link that, when visited by an authenticated Red Hat Satellite user,\nwould lead to arbitrary web script execution in the context of the user's\nweb interface session. (CVE-2013-1871, CVE-2013-4415)\n\nAn HTTP header injection flaw was found in the way the Red Hat Satellite\nweb interface processed the return URL parameter for all HTTP GET requests.\nA remote attacker could use this flaw to conduct cross-site scripting (XSS)\nand HTTP response splitting attacks against users visiting the site.\n(CVE-2013-1869)\n\nRed Hat would like to thank Ben Ford of Puppet Labs for reporting\nCVE-2012-6149, Ryan Giobbi of UPMC for reporting CVE-2013-1869 and\nCVE-2013-1871, and Adam Willard and Jose Carlos de Arriba of Foreground\nSecurity for reporting CVE-2013-4415.\n\nUsers of Red Hat Satellite 5.6 are advised to upgrade to these updated\npackages, which resolve these issues. For this update to take effect, Red\nHat Satellite must be restarted. Refer to the Solution section for details.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0148",
        "url": "https://access.redhat.com/errata/RHSA-2014:0148"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "882000",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
      },
      {
        "category": "external",
        "summary": "923464",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
      },
      {
        "category": "external",
        "summary": "923467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
      },
      {
        "category": "external",
        "summary": "979452",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0148.json"
      }
    ],
    "title": "Red Hat Security Advisory: spacewalk-java, spacewalk-web and satellite-branding security update",
    "tracking": {
      "current_release_date": "2026-06-27T13:04:17+00:00",
      "generator": {
        "date": "2026-06-27T13:04:17+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2014:0148",
      "initial_release_date": "2014-02-10T17:29:31+00:00",
      "revision_history": [
        {
          "date": "2014-02-10T17:29:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-02-10T17:29:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-27T13:04:17+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.6 (RHEL v.5)",
                "product": {
                  "name": "Red Hat Satellite 5.6 (RHEL v.5)",
                  "product_id": "5Server-Satellite56",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.6::el5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
                "product": {
                  "name": "Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
                  "product_id": "5Server-ManagedDB56",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.6 (RHEL v.6)",
                "product": {
                  "name": "Red Hat Satellite 5.6 (RHEL v.6)",
                  "product_id": "6Server-Satellite56",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.6::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
                "product": {
                  "name": "Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
                  "product_id": "6Server-ManagedDB56",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite_managed_db:5.6::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "spacewalk-web-0:2.0.3-19.el5sat.src",
                "product": {
                  "name": "spacewalk-web-0:2.0.3-19.el5sat.src",
                  "product_id": "spacewalk-web-0:2.0.3-19.el5sat.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el5sat?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
                "product": {
                  "name": "satellite-branding-0:5.6.0.23-1.el5sat.src",
                  "product_id": "satellite-branding-0:5.6.0.23-1.el5sat.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-0:2.0.2-58.el5sat.src",
                "product": {
                  "name": "spacewalk-java-0:2.0.2-58.el5sat.src",
                  "product_id": "spacewalk-java-0:2.0.2-58.el5sat.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-web-0:2.0.3-19.el6sat.src",
                "product": {
                  "name": "spacewalk-web-0:2.0.3-19.el6sat.src",
                  "product_id": "spacewalk-web-0:2.0.3-19.el6sat.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-web@2.0.3-19.el6sat?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
                "product": {
                  "name": "satellite-branding-0:5.6.0.23-1.el6sat.src",
                  "product_id": "satellite-branding-0:5.6.0.23-1.el6sat.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-0:2.0.2-58.el6sat.src",
                "product": {
                  "name": "spacewalk-java-0:2.0.2-58.el6sat.src",
                  "product_id": "spacewalk-java-0:2.0.2-58.el6sat.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
                "product": {
                  "name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
                  "product_id": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
                "product": {
                  "name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
                  "product_id": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
                "product": {
                  "name": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
                  "product_id": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
                  "product_id": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
                "product": {
                  "name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
                  "product_id": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
                  "product_id": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
                "product": {
                  "name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
                  "product_id": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
                "product": {
                  "name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
                  "product_id": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el5sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-base-minimal@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-dobby@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-grail@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-base@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-html@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-pxt@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-sniglets@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
                  "product_id": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-base-minimal-config@2.0.3-19.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
                "product": {
                  "name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
                  "product_id": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/satellite-branding@5.6.0.23-1.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
                  "product_id": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-taskomatic@2.0.2-58.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
                "product": {
                  "name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
                  "product_id": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-lib@2.0.2-58.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
                "product": {
                  "name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
                  "product_id": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-oracle@2.0.2-58.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
                "product": {
                  "name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
                  "product_id": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-config@2.0.2-58.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
                  "product_id": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java-postgresql@2.0.2-58.el6sat?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
                "product": {
                  "name": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
                  "product_id": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/spacewalk-java@2.0.2-58.el6sat?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
          "product_id": "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-ManagedDB56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
          "product_id": "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-ManagedDB56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.5)",
          "product_id": "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src"
        },
        "product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
        "relates_to_product_reference": "5Server-ManagedDB56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "satellite-branding-0:5.6.0.23-1.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch"
        },
        "product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "satellite-branding-0:5.6.0.23-1.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src"
        },
        "product_reference": "satellite-branding-0:5.6.0.23-1.el5sat.src",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-base-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-grail-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-grail-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-html-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-html-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch"
        },
        "product_reference": "spacewalk-java-0:2.0.2-58.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-0:2.0.2-58.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src"
        },
        "product_reference": "spacewalk-java-0:2.0.2-58.el5sat.src",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch"
        },
        "product_reference": "spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch"
        },
        "product_reference": "spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch"
        },
        "product_reference": "spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch"
        },
        "product_reference": "spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch"
        },
        "product_reference": "spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-web-0:2.0.3-19.el5sat.src as a component of Red Hat Satellite 5.6 (RHEL v.5)",
          "product_id": "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src"
        },
        "product_reference": "spacewalk-web-0:2.0.3-19.el5sat.src",
        "relates_to_product_reference": "5Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
          "product_id": "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-ManagedDB56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
          "product_id": "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-ManagedDB56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite Managed DB 5.6 (RHEL v.6)",
          "product_id": "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src"
        },
        "product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
        "relates_to_product_reference": "6Server-ManagedDB56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "satellite-branding-0:5.6.0.23-1.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch"
        },
        "product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "satellite-branding-0:5.6.0.23-1.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src"
        },
        "product_reference": "satellite-branding-0:5.6.0.23-1.el6sat.src",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-base-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-grail-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-grail-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-html-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-html-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch"
        },
        "product_reference": "spacewalk-java-0:2.0.2-58.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-0:2.0.2-58.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src"
        },
        "product_reference": "spacewalk-java-0:2.0.2-58.el6sat.src",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch"
        },
        "product_reference": "spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch"
        },
        "product_reference": "spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch"
        },
        "product_reference": "spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch"
        },
        "product_reference": "spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch"
        },
        "product_reference": "spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
        "relates_to_product_reference": "6Server-Satellite56"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-web-0:2.0.3-19.el6sat.src as a component of Red Hat Satellite 5.6 (RHEL v.6)",
          "product_id": "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
        },
        "product_reference": "spacewalk-web-0:2.0.3-19.el6sat.src",
        "relates_to_product_reference": "6Server-Satellite56"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ben Ford"
          ],
          "organization": "Puppet Labs"
        }
      ],
      "cve": "CVE-2012-6149",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "discovery_date": "2012-11-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "882000"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
          "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
          "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
          "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
          "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-6149"
        },
        {
          "category": "external",
          "summary": "RHBZ#882000",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-6149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-6149"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6149"
        }
      ],
      "release_date": "2014-02-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-02-10T17:29:31+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
          "product_ids": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0148"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ryan Giobbi"
          ],
          "organization": "UPMC"
        }
      ],
      "cve": "CVE-2013-1869",
      "discovery_date": "2013-02-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "923464"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Satellite/Spacewalk: header injection flaw",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
          "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
          "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
          "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
          "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-1869"
        },
        {
          "category": "external",
          "summary": "RHBZ#923464",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923464"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-1869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1869"
        }
      ],
      "release_date": "2014-02-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-02-10T17:29:31+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
          "product_ids": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0148"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Satellite/Spacewalk: header injection flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ryan Giobbi"
          ],
          "organization": "UPMC"
        }
      ],
      "cve": "CVE-2013-1871",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "discovery_date": "2013-02-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "923467"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Satellite/Spacewalk: XSS in EditAddress page",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
          "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
          "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
          "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
          "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-1871"
        },
        {
          "category": "external",
          "summary": "RHBZ#923467",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=923467"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-1871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1871"
        }
      ],
      "release_date": "2014-02-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-02-10T17:29:31+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
          "product_ids": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0148"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Satellite/Spacewalk: XSS in EditAddress page"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Adam Willard"
          ]
        },
        {
          "names": [
            "Jose Carlos de Arriba"
          ],
          "organization": "Foreground Security"
        }
      ],
      "cve": "CVE-2013-4415",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "discovery_date": "2013-06-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "979452"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
          "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
          "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
          "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
          "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
          "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
          "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
          "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
          "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
          "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
          "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
          "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4415"
        },
        {
          "category": "external",
          "summary": "RHBZ#979452",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=979452"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4415"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4415"
        }
      ],
      "release_date": "2014-02-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-02-10T17:29:31+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nRun the following command to restart the Red Hat Satellite server:\n\n# rhn-satellite restart",
          "product_ids": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0148"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.noarch",
            "5Server-Satellite56:satellite-branding-0:5.6.0.23-1.el5sat.src",
            "5Server-Satellite56:spacewalk-base-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-grail-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-html-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-0:2.0.2-58.el5sat.src",
            "5Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el5sat.noarch",
            "5Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el5sat.noarch",
            "5Server-Satellite56:spacewalk-web-0:2.0.3-19.el5sat.src",
            "6Server-ManagedDB56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-ManagedDB56:spacewalk-web-0:2.0.3-19.el6sat.src",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.noarch",
            "6Server-Satellite56:satellite-branding-0:5.6.0.23-1.el6sat.src",
            "6Server-Satellite56:spacewalk-base-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-base-minimal-config-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-dobby-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-grail-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-html-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-0:2.0.2-58.el6sat.src",
            "6Server-Satellite56:spacewalk-java-config-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-lib-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-oracle-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-java-postgresql-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-pxt-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-sniglets-0:2.0.3-19.el6sat.noarch",
            "6Server-Satellite56:spacewalk-taskomatic-0:2.0.2-58.el6sat.noarch",
            "6Server-Satellite56:spacewalk-web-0:2.0.3-19.el6sat.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)"
    }
  ]
}