[Bug 1510968] CVE-2017-8028 spring-ldap: Authentication with userSearch and STARTTLS allows authentication with arbitrary password
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1510968
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|71016,reported=20171016,sou |71016,reported=20171016,sou
|rce=internet,cvss3=7.4/CVSS |rce=internet,cvss3=7.4/CVSS
|:3.0/AV:N/AC:H/PR:N/UI:N/S: |:3.0/AV:N/AC:H/PR:N/UI:N/S:
|U/C:H/I:H/A:N,cwe=CWE-592,f |U/C:H/I:H/A:N,cwe=CWE-592,f
|edora-all/spring-ldap=affec |edora-all/spring-ldap=affec
|ted,fuse-6/Camel=affected,r |ted,fuse-6/Camel=affected,r
|hes-3/spring-ldap-core=wont |hes-3/spring-ldap-core=wont
|fix/impact=low |fix/impact=low,fuse-7/cxf/s
| |pring-ldap-core=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1540030] CVE-2018-1199 spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1540030
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|80129,reported=20180130,sou |80129,reported=20180130,sou
|rce=internet,cvss3=7.5/CVSS |rce=internet,cvss3=7.5/CVSS
|:3.0/AV:N/AC:L/PR:N/UI:N/S: |:3.0/AV:N/AC:L/PR:N/UI:N/S:
|U/C:H/I:N/A:N,cwe=CWE-20,fe |U/C:H/I:N/A:N,cwe=CWE-20,fe
|dora-all/springframework=no |dora-all/springframework=no
|taffected,fedora-all/spring |taffected,fedora-all/spring
|framework-security=affected |framework-security=affected
|,rhel-8/springframework=not |,rhel-8/springframework=not
|affected,fsw-6/spring=notaf |affected,fsw-6/spring=notaf
|fected,fuse-6/spring=notaff |fected,fuse-6/spring=notaff
|ected,jdv-6/spring=notaffec |ected,jdv-6/spring=notaffec
|ted,brms-5/spring=notaffect |ted,brms-5/spring=notaffect
|ed,soap-5/spring=notaffecte |ed,soap-5/spring=notaffecte
|d,openstack-9/opendaylight= |d,openstack-9/opendaylight=
|wontfix,openstack-10/openda |wontfix,openstack-10/openda
|ylight=wontfix,openstack-11 |ylight=wontfix,openstack-11
|/opendaylight=wontfix,opens |/opendaylight=wontfix,opens
|tack-12/opendaylight=wontfi |tack-12/opendaylight=wontfi
|x,rhes-3/rhevm-dependencies |x,rhes-3/rhevm-dependencies
|=notaffected,amq-6/spring=n |=notaffected,amq-6/spring=n
|otaffected,eap-5/jbossweb=n |otaffected,eap-5/jbossweb=n
|otaffected,eap-7/undertow=n |otaffected,eap-7/undertow=n
|otaffected,eap-6/jbossweb=n |otaffected,eap-6/jbossweb=n
|otaffected,jpp-6/spring=not |otaffected,jpp-6/spring=not
|affected,jbews-2/tomcat=not |affected,jbews-2/tomcat=not
|affected,jws-3/tomcat=notaf |affected,jws-3/tomcat=notaf
|fected,rhmap-4/spring=notaf |fected,rhmap-4/spring=notaf
|fected,fis-2/spring=affecte |fected,fis-2/spring=affecte
|d,openshift-enterprise-3/mi |d,openshift-enterprise-3/mi
|llicore=notaffected/impact= |llicore=notaffected/impact=
|low |low,fuse-7/spring=affected
--
[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1584392
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|80605,reported=20180529,sou |80605,reported=20180529,sou
|rce=researcher,cvss3=7.3/CV |rce=researcher,cvss3=7.3/CV
|SS:3.0/AV:N/AC:L/PR:N/UI:N/ |SS:3.0/AV:N/AC:L/PR:N/UI:N/
|S:U/C:L/I:L/A:L,cwe=CWE-22, |S:U/C:L/I:L/A:L,cwe=CWE-22,
|rhscl-3/rh-maven33-plexus-a |rhscl-3/rh-maven33-plexus-a
|rchiver=affected,rhel-7/ple |rchiver=affected,rhel-7/ple
|xus-archiver=affected,rhel- |xus-archiver=affected,rhel-
|8/plexus-archiver=affected, |8/plexus-archiver=affected,
|fedora-27/plexus-archiver=a |fedora-27/plexus-archiver=a
|ffected,fedora-28/plexus-ar |ffected,fedora-28/plexus-ar
|chiver=affected,fis-2/plexu |chiver=affected,fis-2/plexu
|s-archiver=notaffected,jbds |s-archiver=affected,jbds-9/
|-9/plexus-archiver=notaffec |plexus-archiver=notaffected
|ted,openstack-9/opendayligh |,openstack-9/opendaylight=w
|t=wontfix/impact=low,rhscl- |ontfix/impact=low,rhscl-3/r
|3/rh-maven35-plexus-archive |h-maven35-plexus-archiver=a
|r=affected,fuse-7/plexus-ar |ffected,fuse-7/plexus-archi
|chiver=affected |ver=affected
--
[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1584392
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|80605,reported=20180529,sou |80605,reported=20180529,sou
|rce=researcher,cvss3=7.3/CV |rce=researcher,cvss3=7.3/CV
|SS:3.0/AV:N/AC:L/PR:N/UI:N/ |SS:3.0/AV:N/AC:L/PR:N/UI:N/
|S:U/C:L/I:L/A:L,cwe=CWE-22, |S:U/C:L/I:L/A:L,cwe=CWE-22,
|rhscl-3/rh-maven33-plexus-a |rhscl-3/rh-maven33-plexus-a
|rchiver=affected,rhel-7/ple |rchiver=affected,rhel-7/ple
|xus-archiver=affected,rhel- |xus-archiver=affected,rhel-
|8/plexus-archiver=affected, |8/plexus-archiver=affected,
|fedora-27/plexus-archiver=a |fedora-27/plexus-archiver=a
|ffected,fedora-28/plexus-ar |ffected,fedora-28/plexus-ar
|chiver=affected,fis-2/plexu |chiver=affected,fis-2/plexu
|s-archiver=affected,jbds-9/ |s-archiver=notaffected,jbds
|plexus-archiver=notaffected |-9/plexus-archiver=notaffec
|,openstack-9/opendaylight=w |ted,openstack-9/opendayligh
|ontfix/impact=low,rhscl-3/r |t=wontfix/impact=low,rhscl-
|h-maven35-plexus-archiver=a |3/rh-maven35-plexus-archive
|ffected,fuse-7/plexus-archi |r=affected,fuse-7/plexus-ar
|ver=affected |chiver=affected
--
[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1584392
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |chazlett(a)redhat.com
Whiteboard|impact=important,public=201 |impact=important,public=201
|80605,reported=20180529,sou |80605,reported=20180529,sou
|rce=researcher,cvss3=7.3/CV |rce=researcher,cvss3=7.3/CV
|SS:3.0/AV:N/AC:L/PR:N/UI:N/ |SS:3.0/AV:N/AC:L/PR:N/UI:N/
|S:U/C:L/I:L/A:L,cwe=CWE-22, |S:U/C:L/I:L/A:L,cwe=CWE-22,
|rhscl-3/rh-maven33-plexus-a |rhscl-3/rh-maven33-plexus-a
|rchiver=affected,rhel-7/ple |rchiver=affected,rhel-7/ple
|xus-archiver=affected,rhel- |xus-archiver=affected,rhel-
|8/plexus-archiver=affected, |8/plexus-archiver=affected,
|fedora-27/plexus-archiver=a |fedora-27/plexus-archiver=a
|ffected,fedora-28/plexus-ar |ffected,fedora-28/plexus-ar
|chiver=affected,fis-2/plexu |chiver=affected,fis-2/plexu
|s-archiver=affected,jbds-9/ |s-archiver=affected,jbds-9/
|plexus-archiver=notaffected |plexus-archiver=notaffected
|,openstack-9/opendaylight=w |,openstack-9/opendaylight=w
|ontfix/impact=low,rhscl-3/r |ontfix/impact=low,rhscl-3/r
|h-maven35-plexus-archiver=a |h-maven35-plexus-archiver=a
|ffected |ffected,fuse-7/plexus-archi
| |ver=affected
--
[Bug 1639090] CVE-2018-11796 tika: Incomplete fix allows for XML entity expansion resulting in denial of service
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1639090
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1010,reported=20181010,sour |1010,reported=20181010,sour
|ce=oss-security,cvss3=7.5/C |ce=oss-security,cvss3=7.5/C
|VSS:3.0/AV:N/AC:L/PR:N/UI:N |VSS:3.0/AV:N/AC:L/PR:N/UI:N
|/S:U/C:N/I:N/A:H,cwe=CWE-77 |/S:U/C:N/I:N/A:H,cwe=CWE-77
|6,fedora-all/tika=affected, |6,fedora-all/tika=affected,
|rhscl-3/rh-eclipse46-tika=n |rhscl-3/rh-eclipse46-tika=n
|otaffected,fuse-7/camel-tik |otaffected,fuse-7/camel-tik
|a=new,fsw-6/tika-core=new,b |a=affected,fsw-6/tika-core=
|rms-5/tika-core=new,brms-6/ |new,brms-5/tika-core=new,br
|tika-core=new,bpms-6/tika-c |ms-6/tika-core=new,bpms-6/t
|ore=new,jdv-6/tika-core=new |ika-core=new,jdv-6/tika-cor
|,rhn_satellite_5/tika=wontf |e=new,rhn_satellite_5/tika=
|ix/impact=low |wontfix/impact=low
--