{ "threat_severity" : "Moderate", "public_date" : "2014-02-07T00:00:00Z", "bugzilla" : { "description" : "JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions", "id" : "1065139", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065139" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.", "It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute arbitrary web script in the user's browser." ], "affected_release" : [ { "product_name" : "Red Hat JBoss BPMS 6.0", "release_date" : "2015-02-17T00:00:00Z", "advisory" : "RHSA-2015:0234", "cpe" : "cpe:/a:redhat:jboss_bpms:6.0" }, { "product_name" : "Red Hat JBoss BRMS 6.0", "release_date" : "2015-02-17T00:00:00Z", "advisory" : "RHSA-2015:0235", "cpe" : "cpe:/a:redhat:jboss_brms:6.0" }, { "product_name" : "Red Hat JBoss Data Virtualization 6.0", "release_date" : "2015-03-31T00:00:00Z", "advisory" : "RHSA-2015:0765", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6.0" }, { "product_name" : "Red Hat JBoss Data Virtualization 6.1", "release_date" : "2015-03-11T00:00:00Z", "advisory" : "RHSA-2015:0675", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6.1" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6.0", "release_date" : "2015-03-24T00:00:00Z", "advisory" : "RHSA-2015:0720", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6.0" }, { "product_name" : "Red Hat JBoss Operations Network 3.2", "release_date" : "2014-07-21T00:00:00Z", "advisory" : "RHSA-2014:0910", "cpe" : "cpe:/a:redhat:jboss_operations_network:3.2.2" }, { "product_name" : "Red Hat JBoss Portal 6.2", "release_date" : "2015-05-14T00:00:00Z", "advisory" : "RHSA-2015:1009", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2", "package" : "JSF" }, { "product_name" : "Red Hat JBoss Web Framework Kit 2.6", "release_date" : "2014-07-16T00:00:00Z", "advisory" : "RHSA-2014:0896", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_framework:2.6.0", "package" : "JSF" } ], "package_state" : [ { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat JBoss BRMS 5", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Grid 6", "fix_state" : "Not affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_data_grid:6" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Affected", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat JBoss Portal 5", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:5" }, { "product_name" : "Red Hat JBoss SOA Platform 4", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:4" }, { "product_name" : "Red Hat JBoss SOA Platform 5", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:5" }, { "product_name" : "Red Hat Satellite 5", "fix_state" : "Will not fix", "package_name" : "JSF", "cpe" : "cpe:/a:redhat:network_satellite:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-5855\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5855\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/bc-p/6370209" ], "name" : "CVE-2013-5855", "csaw" : false }