[Bug 1579611] CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1579611
Kunjan Rathod <krathod(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|0517,reported=20180518,sour |0517,reported=20180518,sour
|ce=internet,cvss3=5.7/CVSS: |ce=internet,cvss3=5.7/CVSS:
|3.0/AV:N/AC:L/PR:L/UI:R/S:U |3.0/AV:N/AC:L/PR:L/UI:R/S:U
|/C:H/I:N/A:N,cwe=CWE-284,fe |/C:H/I:N/A:N,cwe=CWE-284,fe
|dora-all/tomcat=affected,ep |dora-all/tomcat=affected,ep
|el-all/tomcat=affected,rhsc |el-all/tomcat=affected,rhsc
|l-3/rh-java-common-tomcat=n |l-3/rh-java-common-tomcat=n
|otaffected,bpms-6/tomcat=no |otaffected,bpms-6/tomcat=no
|taffected,brms-6/tomcat=not |taffected,brms-6/tomcat=not
|affected,brms-5/jbossweb=no |affected,brms-5/jbossweb=no
|taffected,eap-5/jbossweb=ne |taffected,eap-5/jbossweb=ne
|w,eap-6/jbossweb=notaffecte |w,eap-6/jbossweb=notaffecte
|d,jdg-6/jbossweb=notaffecte |d,jdg-6/jbossweb=notaffecte
|d,jdg-7/tomcat=notaffected, |d,jdg-7/tomcat=notaffected,
|jdv-6/jbossweb=notaffected, |jdv-6/jbossweb=notaffected,
|soap-5/jbossweb=notaffected |soap-5/jbossweb=notaffected
|,fuse-7/tomcat=affected,fus |,fuse-7/tomcat=affected,fus
|e-6/jbossweb=wontfix,fsw-6/ |e-6/jbossweb=wontfix,fsw-6/
|jbossweb=wontfix,fis-2/tomc |jbossweb=wontfix,fis-2/tomc
|at=affected,springboot-1/to |at=affected,springboot-1/to
|mcat=affected,jbews-2/tomca |mcat=affected,jbews-2/tomca
|t6=notaffected,jbews-2/tomc |t6=notaffected,jbews-2/tomc
|at7=wontfix,jws-3/tomcat7=a |at7=wontfix,jws-3/tomcat7=a
|ffected,jws-3/tomcat8=affec |ffected,jws-3/tomcat8=affec
|ted,rhel-7/tomcat=affected, |ted,rhel-7/tomcat=affected,
|rhel-6/tomcat6=notaffected, |rhel-6/tomcat6=notaffected,
|jon-3/jbossweb=notaffected, |jon-3/jbossweb=notaffected,
|openshift-online-2/jbossweb |openshift-online-2/jbossweb
|=affected,rhel-8/pki-servle |=affected,rhel-8/pki-servle
|t-container=affected |t-container=affected,jws-5/
| |tomcat=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 1 month
[Bug 1261538] CVE-2015-5262 jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1261538
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dmoppert(a)redhat.com
Depends On| |1666895
Whiteboard|impact=low,public=20150903, |impact=low,public=20150903,
|reported=20150903,source=cu |reported=20150903,source=cu
|stomer,cvss2=4.3/AV:N/AC:M/ |stomer,cvss2=4.3/AV:N/AC:M/
|Au:N/C:N/I:N/A:P,cwe=CWE-77 |Au:N/C:N/I:N/A:P,cwe=CWE-77
|0,rhel-5/jakarta-commons-ht |0,rhel-5/jakarta-commons-ht
|tpclient=wontfix,rhel-6/jak |tpclient=wontfix,rhel-6/jak
|arta-commons-httpclient=aff |arta-commons-httpclient=aff
|ected,rhel-7/jakarta-common |ected,rhel-7/jakarta-common
|s-httpclient=affected,rhel- |s-httpclient=affected,rhel-
|7/httpcomponents-core=notaf |7/httpcomponents-core=notaf
|fected,fedora-all/jakarta-c |fected,fedora-all/jakarta-c
|ommons-httpclient=affected, |ommons-httpclient=affected,
|fedora-all/httpcomponents-c |fedora-all/httpcomponents-c
|ore=notaffected |ore=notaffected,rhev-m-4/ov
| |irt-engine-sdk-java=affecte
| |d
5 years, 1 month
[Bug 1129074] CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1129074
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dmoppert(a)redhat.com
Depends On| |1666895
Whiteboard|impact=important,public=201 |impact=important,public=201
|40818,reported=20140812,sou |40818,reported=20140812,sou
|rce=upstream,cvss2=5.8/AV:N |rce=upstream,cvss2=5.8/AV:N
|/AC:M/Au:N/C:P/I:P/A:N,cvss |/AC:M/Au:N/C:P/I:P/A:N,cvss
|3=4.8/CVSS:3.0/AV:N/AC:H/PR |3=4.8/CVSS:3.0/AV:N/AC:H/PR
|:N/UI:N/S:U/C:L/I:L/A:N,cwe |:N/UI:N/S:U/C:L/I:L/A:N,cwe
|=CWE-297,rhel-5/jakarta-com |=CWE-297,rhel-5/jakarta-com
|mons-httpclient=affected,rh |mons-httpclient=affected,rh
|el-6/jakarta-commons-httpcl |el-6/jakarta-commons-httpcl
|ient=affected,rhel-7/jakart |ient=affected,rhel-7/jakart
|a-commons-httpclient=affect |a-commons-httpclient=affect
|ed,fedora-all/jakarta-commo |ed,fedora-all/jakarta-commo
|ns-httpclient=affected,rhel |ns-httpclient=affected,rhel
|-7/httpcomponents-client=af |-7/httpcomponents-client=af
|fected,fedora-all/httpcompo |fected,fedora-all/httpcompo
|nents-client=affected,brms- |nents-client=affected,brms-
|6/httpclient=affected,bpms- |6/httpclient=affected,bpms-
|6/httpclient=affected,brms- |6/httpclient=affected,brms-
|6/jakarta-commons-httpclien |6/jakarta-commons-httpclien
|t=affected,bpms-6/jakarta-c |t=affected,bpms-6/jakarta-c
|ommons-httpclient=affected, |ommons-httpclient=affected,
|jdg-6/httpclient=affected,j |jdg-6/httpclient=affected,j
|dv-6/modeshape-client=defer |dv-6/modeshape-client=defer
|,jdv-6/httpclient=affected, |,jdv-6/httpclient=affected,
|dts-2.1/httpcomponents-clie |dts-2.1/httpcomponents-clie
|nt=notaffected,eap-4/jakart |nt=notaffected,eap-4/jakart
|a-commons-httpclient=wontfi |a-commons-httpclient=wontfi
|x,eap-5/httpclient=affected |x,eap-5/httpclient=affected
|,eap-5/jakarta-commons-http |,eap-5/jakarta-commons-http
|client=affected,eap-6/httpc |client=affected,eap-6/httpc
|lient=affected,eap-6/jakart |lient=affected,eap-6/jakart
|a-commons-httpclient=defer, |a-commons-httpclient=defer,
|epp-5/httpclient=affected,e |epp-5/httpclient=affected,e
|pp-5/jakarta-commons-httpcl |pp-5/jakarta-commons-httpcl
|ient=affected,brms-5/httpcl |ient=affected,brms-5/httpcl
|ient=wontfix,brms-5/jakarta |ient=wontfix,brms-5/jakarta
|-commons-httpclient=wontfix |-commons-httpclient=wontfix
|,brms-5/modeshape-client=wo |,brms-5/modeshape-client=wo
|ntfix,soap-4.3/jakarta-comm |ntfix,soap-4.3/jakarta-comm
|ons-httpclient=wontfix,soap |ons-httpclient=wontfix,soap
|-5/httpclient=affected,soap |-5/httpclient=affected,soap
|-5/jakarta-commons-httpclie |-5/jakarta-commons-httpclie
|nt=affected,jbews-1/jakarta |nt=affected,jbews-1/jakarta
|-commons-httpclient=wontfix |-commons-httpclient=wontfix
|,fsw-6/httpclient=affected, |,fsw-6/httpclient=affected,
|jon-3/httpclient=affected,j |jon-3/httpclient=affected,j
|on-3/jakarta-commons-httpcl |on-3/jakarta-commons-httpcl
|ient=affected,jpp-6/httpcli |ient=affected,jpp-6/httpcli
|ent=affected,wfk-2/httpclie |ent=affected,wfk-2/httpclie
|nt=affected,openshift-enter |nt=affected,openshift-enter
|prise-1/wagon-http=notaffec |prise-1/wagon-http=notaffec
|ted,openshift-enterprise-2/ |ted,openshift-enterprise-2/
|wagon-http=notaffected,open |wagon-http=notaffected,open
|shift-enterprise-1/jakarta- |shift-enterprise-1/jakarta-
|commons-httpclient=wontfix, |commons-httpclient=wontfix,
|openshift-enterprise-2/jaka |openshift-enterprise-2/jaka
|rta-commons-httpclient=affe |rta-commons-httpclient=affe
|cted,openshift-enterprise-2 |cted,openshift-enterprise-2
|/httpclient=affected,rhev-m |/httpclient=affected,rhev-m
|-3/jasperreports-server-pro |-3/jasperreports-server-pro
|=affected,rhev-m-3.4/rhevm- |=affected,rhev-m-3.4/rhevm-
|dependencies=wontfix,rhev-m |dependencies=wontfix,rhev-m
|-3.5/rhevm-dependencies=aff |-3.5/rhevm-dependencies=aff
|ected,rhev-m-3/redhat-suppo |ected,rhev-m-3/redhat-suppo
|rt-plugin-rhev=affected,rhn |rt-plugin-rhev=affected,rhn
|_satellite_6/httpcomponents |_satellite_6/httpcomponents
|-client=affected,rhn_satell |-client=affected,rhn_satell
|ite_5/jakarta-commons-httpc |ite_5/jakarta-commons-httpc
|lient=wontfix,rhscl-1/therm |lient=wontfix,rhscl-1/therm
|ostat1-httpcomponents-clien |ostat1-httpcomponents-clien
|t=affected,rhscl-1/maven30- |t=affected,rhscl-1/maven30-
|httpcomponents-client=affec |httpcomponents-client=affec
|ted,rhscl-1/maven30-jakarta |ted,rhscl-1/maven30-jakarta
|-commons-httpclient=affecte |-commons-httpclient=affecte
|d,rhes-2.1/rhevm-dependenci |d,rhes-2.1/rhevm-dependenci
|es=wontfix,rhes-3.0/rhevm-d |es=wontfix,rhes-3.0/rhevm-d
|ependencies=wontfix,jboss/e |ependencies=wontfix,jboss/e
|wp-5=affected,jboss/fuse-es |wp-5=affected,jboss/fuse-es
|b-4=wontfix,jboss/fuse-esb- |b-4=wontfix,jboss/fuse-esb-
|7=affected,jboss/fuse-mq-5. |7=affected,jboss/fuse-mq-5.
|4=wontfix,jboss/fuse-mq-5.5 |4=wontfix,jboss/fuse-mq-5.5
|=affected,jboss/fuse-mq-7=a |=affected,jboss/fuse-mq-7=a
|ffected,jboss/fsf-2=wontfix |ffected,jboss/fsf-2=wontfix
|,jboss/amq-6=affected,jboss |,jboss/amq-6=affected,jboss
|/jds-5=defer,jboss/jds-6=de |/jds-5=defer,jboss/jds-6=de
|fer,jboss/jds-7=defer,jboss |fer,jboss/jds-7=defer,jboss
|/fuse-6=affected,brms-5/cxf |/fuse-6=affected,brms-5/cxf
|=affected,brms-6/cxf=affect |=affected,brms-6/cxf=affect
|ed,bpms-6/cxf=affected,soap |ed,bpms-6/cxf=affected,soap
|-5/cxf=affected,fsw-6/cxf=a |-5/cxf=affected,fsw-6/cxf=a
|ffected,eds-5/cxf=affected, |ffected,eds-5/cxf=affected,
|jdv-6/cxf=affected,eap-5/cx |jdv-6/cxf=affected,eap-5/cx
|f=affected,eap-6/cxf=affect |f=affected,eap-6/cxf=affect
|ed,jon-3/cxf=affected,jpp-6 |ed,jon-3/cxf=affected,jpp-6
|/cxf=affected,jdg-6/cxf=aff |/cxf=affected,jdg-6/cxf=aff
|ected,eds-5/httpclient=affe |ected,eds-5/httpclient=affe
|cted |cted,rhev-m-4/ovirt-engine-
| |sdk-java=affected
5 years, 1 month