CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
Configurations

Configuration 1

OR cpe:2.3:a:openstack:swift:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:1.13.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:1.13.1:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:swift:1.13.1:rc2:*:*:*:*:*:*

History

13 Feb 2023, 00:39

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2014:0941
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-3497
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1110809
Summary
  • Removed: It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks (and possibly other impacts) if a user were tricked into clicking on a malicious URL.
  • Added: Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

02 Feb 2023, 20:17

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2014:0941
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-3497
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1110809
Summary
  • Removed: Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
  • Added: It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks (and possibly other impacts) if a user were tricked into clicking on a malicious URL.

Information

Published : 2014-07-03 17:55

Updated : 2023-12-10 11:31


NVD link : CVE-2014-3497

Mitre link : CVE-2014-3497

CVE.ORG link : CVE-2014-3497



Products Affected

openstack

  • swift
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')