CVE-2014-3497

Priority
Medium
Description
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through
1.13.1 allows remote attackers to inject arbitrary web script or HTML via
the WWW-Authenticate header.
References
Bugs
Notes
jdstrand> per upstream, introduced in 1.11.0
Assigned-to
jdstrand
Package
Source: swift (LP Ubuntu Debian)
Upstream:pending (2.0.0)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected (1.10.0-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.13.1-0ubuntu1.1)
Ubuntu 14.10 (Utopic Unicorn):released (1.13.1-0ubuntu3)
Patches:
Upstream:https://review.openstack.org/101031 (juno)
Upstream:https://review.openstack.org/101032 (icehouse)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-09 17:14:40 UTC (commit 8218)