oss-sec mailing list archives
[OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497)
From: Tristan Cacqueray <tristan.cacqueray () enovance com>
Date: Thu, 19 Jun 2014 09:08:08 -0400
OpenStack Security Advisory: 2014-020
CVE: CVE-2014-3497
Date: June 19, 2014
Title: XSS in Swift requests through WWW-Authenticate header
Reporter: Globo.com Security Team
Products: Swift
Versions: 1.11.0 to 1.13.1

Description:
Globo.com Security Team reported a vulnerability in Swift's header value escaping. By tricking a Swift user into clicking a malicious URL, a remote attacker may inject data in Swift response while still appearing to come from the Swift server, potentially leading to other client-side vulnerabilities. All Swift setups are affected.

Juno (development branch) fix:
https://review.openstack.org/101031

Icehouse (1.13.*) fix:
https://review.openstack.org/101032

Notes:
This fix will be included in the upcoming 2.0.0 release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3497
https://launchpad.net/bugs/1327414

--
Tristan Cacqueray
OpenStack Vulnerability Management Team
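
An added illustration, not code from the advisory or from Swift: it contrasts copying a value into a WWW-Authenticate challenge unescaped with percent-encoding it first, and checks each resulting header value. The advisory does not show the affected code, so the `Swift realm="..."` challenge shape, the function names and the sample realm values are all assumptions constructed for this example.

```python
import re
from urllib.parse import quote

# Assumed challenge shape for this sketch: one scheme, one quoted realm.
# The realm may not contain a double quote, angle brackets or control bytes.
_SAFE_CHALLENGE = re.compile(r'Swift realm="[^"<>\x00-\x1f\x7f]*"')


def challenge_unescaped(realm):
    """'Before' form: request-derived text copied into the header as-is."""
    return 'Swift realm="%s"' % realm


def challenge_escaped(realm):
    """Hardened form: percent-encode every character outside the unreserved set."""
    return 'Swift realm="%s"' % quote(realm, safe="")


def is_safe_challenge(value):
    """True only if the whole header value is one well-formed challenge."""
    return _SAFE_CHALLENGE.fullmatch(value) is not None


def audit(realms):
    """Return (realm, unescaped_ok, escaped_ok) for each sample realm."""
    return [
        (r, is_safe_challenge(challenge_unescaped(r)),
         is_safe_challenge(challenge_escaped(r)))
        for r in realms
    ]


# Constructed sample values, not taken from the advisory.
SAMPLES = ["AUTH_test", 'a"<b>', "x\r\ny"]

if __name__ == "__main__":
    for realm, raw_ok, escaped_ok in audit(SAMPLES):
        print(repr(realm), "unescaped ok:", raw_ok, "escaped ok:", escaped_ok)
```

The same `is_safe_challenge` check can be run in a regression test against the header values a patched deployment actually returns.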
