[Bug 1459158] New: CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1459158
Bug ID: 1459158
Summary: CVE-2017-5664 tomcat: Security constrained bypass in
error page mechanism
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
The error page mechanism of the Java Servlet Specification requires that, when
an error occurs and an error page is configured for the error that occurred,
the original request and response are forwarded to the error page. This means
that the request is presented to the error page with the original HTTP method.
If the error page is a static file, the expected behaviour is to serve the content
of the file as if processing a GET request, regardless of the actual HTTP method.
Tomcat's Default Servlet did not do this. Depending on the original request,
this could lead to unexpected and undesirable results for static error pages
including, if the DefaultServlet is configured to permit writes, the
replacement or removal of the custom error page.
Affects: 7.0.0 to 7.0.77, 8.0.0.RC1 to 8.0.43, 8.5.0 to 8.5.14
Upstream fixes:
Tomcat 7.x:
https://svn.apache.org/viewvc?view=revision&revision=1793471
https://svn.apache.org/viewvc?view=revision&revision=1793491
Tomcat 8.0.x:
https://svn.apache.org/viewvc?view=revision&revision=1793470
https://svn.apache.org/viewvc?view=revision&revision=1793489
Tomcat 8.5.x:
https://svn.apache.org/viewvc?view=revision&revision=1793469
https://svn.apache.org/viewvc?view=revision&revision=1793488
External References:
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15
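As an added illustration of the behaviour the advisory expects (not Tomcat's own patch), the servlet filter below wraps any request dispatched to an error page so that the error page sees a GET, whatever method the original request used. Assumed: the filter is mapped in web.xml with `<dispatcher>ERROR</dispatcher>`; class and names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter (added example). On an ERROR dispatch the container
// forwards the original request, including its method, to the error page.
// A static error page should only ever be read, so we present the request
// to it as a GET; a PUT or DELETE that triggered the error never reaches
// the error page's servlet with a write semantic.
public class ErrorPageGetFilter implements Filter {

    @Override
    public void init(FilterConfig cfg) {
        // nothing to configure
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req.getDispatcherType() == DispatcherType.ERROR
                && req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            String method = http.getMethod();
            // GET and HEAD are already safe for a static resource; rewrite everything else.
            if (!"GET".equals(method) && !"HEAD".equals(method)) {
                req = new HttpServletRequestWrapper(http) {
                    @Override
                    public String getMethod() {
                        return "GET";
                    }
                };
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

The filter only changes what the error page sees; the original request's method is still available to the application via the standard error attributes, so logging of the failed request is unaffected.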
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 1 month
[Bug 1508129] New: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP header of xmlrpc
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1508129
Bug ID: 1508129
Summary: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP
header of xmlrpc
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache
Archiva allows remote attackers to cause a denial of service (resource
consumption) by decompressing a large file containing zeroes.
References:
http://www.openwall.com/lists/oss-security/2016/07/12/5
https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html
[Bug 1444759] New: CVE-2017-3523 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444759
Bug ID: 1444759
Summary: CVE-2017-3523 mysql-connector-java: Connector/J
unspecified vulnerability (CPU Apr 2017)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
Blocks: 1444415
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent:
Connector/J). Supported versions that are affected are 5.1.40 and earlier.
Difficult to exploit vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Connectors. While the
vulnerability is in MySQL Connectors, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result in
takeover of MySQL Connectors.
External References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.ht...
[Bug 1444406] New: CVE-2017-3586 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444406
Bug ID: 1444406
Summary: CVE-2017-3586 mysql-connector-java: Connector/J
unspecified vulnerability (CPU Apr 2017)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent:
Connector/J). Supported versions that are affected are 5.1.41 and earlier.
Easily exploitable vulnerability allows low privileged attacker with network
access via multiple protocols to compromise MySQL Connectors. While the
vulnerability is in MySQL Connectors, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of MySQL Connectors
accessible data as well as unauthorized read access to a subset of MySQL
Connectors accessible data.
External References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.ht...
[Bug 1444407] New: CVE-2017-3589 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1444407
Bug ID: 1444407
Summary: CVE-2017-3589 mysql-connector-java: Connector/J
unspecified vulnerability (CPU Apr 2017)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent:
Connector/J). Supported versions that are affected are 5.1.41 and earlier.
Easily exploitable vulnerability allows low privileged attacker with logon to
the infrastructure where MySQL Connectors executes to compromise MySQL
Connectors. Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Connectors accessible data.
External References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.ht...
[Bug 1291292] New: CVE-2015-5254 activemq: unsafe deserialization
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1291292
Bug ID: 1291292
Summary: CVE-2015-5254 activemq: unsafe deserialization
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
JMS Object messages depend on Java Serialization for marshaling/unmarshaling of
the message payload. There are a couple of places inside the broker where
deserialization can occur, such as the web console or STOMP object message
transformation. As deserialization of untrusted data can lead to security
flaws, as demonstrated in various reports, this leaves the broker vulnerable to
this attack vector. Additionally, applications that consume ObjectMessage type
messages can be vulnerable, as they deserialize objects on
ObjectMessage.getObject() calls.
This issue was fixed upstream in Apache ActiveMQ 5.13.0. Additionally, when
using ObjectMessage message type, you need to explicitly list trusted packages.
To see how to do that, please take a look at:
http://activemq.apache.org/objectmessage.html
External References:
http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announc...
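The trusted-packages configuration the advisory asks for, shown as an added example (not code from the ActiveMQ project): the client-side allow-list is set on ActiveMQConnectionFactory via setTrustedPackages (available from the fixed client versions onward), and a consumer treats a rejected getObject() as a dropped message rather than a crash. The broker URL and the com.example.orders package are assumptions.

```java
import java.util.Arrays;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.ObjectMessage;
import org.apache.activemq.ActiveMQConnectionFactory;

// Added example: restrict which classes an ObjectMessage may deserialize.
public class TrustedPackagesExample {

    // Assumed broker address; replace with the real one.
    static final String BROKER_URL = "tcp://localhost:61616";

    // Weak configuration for comparison: every class on the classpath is
    // eligible for deserialization, which is exactly the exposure described above.
    public static ActiveMQConnectionFactory weakFactory() {
        ActiveMQConnectionFactory f = new ActiveMQConnectionFactory(BROKER_URL);
        f.setTrustAllPackages(true);
        return f;
    }

    // Hardened configuration: only classes from the listed packages may be
    // instantiated by ObjectMessage.getObject(). java.lang and java.util are
    // listed because payloads commonly contain boxed types and collections.
    public static ActiveMQConnectionFactory hardenedFactory() {
        ActiveMQConnectionFactory f = new ActiveMQConnectionFactory(BROKER_URL);
        f.setTrustedPackages(Arrays.asList(
                "com.example.orders",   // assumed application payload package
                "java.lang",
                "java.util"));
        return f;
    }

    // Consumer side: with the allow-list in place, getObject() throws a
    // JMSException for a class outside the trusted packages. Log and drop the
    // message instead of letting the exception take down the listener.
    public static Object readPayload(Message m) {
        if (!(m instanceof ObjectMessage)) {
            return null;
        }
        try {
            return ((ObjectMessage) m).getObject();
        } catch (JMSException e) {
            System.err.println("rejected ObjectMessage payload: " + e.getMessage());
            return null;
        }
    }
}
```

The same allow-list can be supplied to the broker and to clients you do not control through the org.apache.activemq.SERIALIZABLE_PACKAGES system property; prefer the narrowest package list the application actually needs.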
[Bug 1418717] New: CVE-2017-2606 jenkins: Internal API allowed access to item names that should not be visible (SECURITY-380)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1418717
Bug ID: 1418717
Summary: CVE-2017-2606 jenkins: Internal API allowed access to
item names that should not be visible (SECURITY-380)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
The following flaw was found in Jenkins:
The method Jenkins#getItems() included a performance optimization that resulted
in all items being returned if the "Logged-in users can do anything"
authorization strategy was used and no access was granted to anonymous users
(an option added in Jenkins 2.0). This only affects anonymous users (other
users legitimately have access) that were able to get a list of items via an
UnprotectedRootAction.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
Upstream patch:
https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c...
[Bug 1493190] New: CVE-2017-14228 nasm: NULL pointer dereference in the paste_tokens function [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1493190
Bug ID: 1493190
Summary: CVE-2017-14228 nasm: NULL pointer dereference in the
paste_tokens function [fedora-all]
Product: Fedora
Version: 26
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: mizdebsk(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.