[Bug 1805006] New: Mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter, incomplete fix of CVE-2018-14371
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1805006
Bug ID: 1805006
Summary: Mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter, incomplete fix of CVE-2018-14371
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: jwon(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, atangrin(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, brian.stansberry(a)redhat.com,
btotty(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, darran.lofthouse(a)redhat.com,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, etirelli(a)redhat.com,
extras-orphan(a)fedoraproject.org, ggaughan(a)redhat.com,
gvarsami(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jcoleman(a)redhat.com, jochrist(a)redhat.com,
jpallich(a)redhat.com, jperkins(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
kconner(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, kwills(a)redhat.com,
ldimaggi(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, loleary(a)redhat.com, lthon(a)redhat.com,
lzap(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgallagh(a)redhat.com,
pjindal(a)redhat.com, pmackay(a)redhat.com,
psotirop(a)redhat.com, puntogil(a)libero.it,
rchan(a)redhat.com, rguimara(a)redhat.com,
rjerrido(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
sdaley(a)redhat.com, smaestri(a)redhat.com,
sokeeffe(a)redhat.com, spinder(a)redhat.com,
sthorger(a)redhat.com, tbrisker(a)redhat.com,
tcunning(a)redhat.com, theute(a)redhat.com,
tkirby(a)redhat.com, tlestach(a)redhat.com,
tom.jenkinson(a)redhat.com
Blocks: 1783879
Target Milestone: ---
Classification: Other
A flaw was found in Mojarra. ResourceManager.java:getLocalePrefix() discloses
WEB-INF/faces-config.xml via the loc parameter. It was already reported as
CVE-2019-0199, but the fix was incomplete.
--
You are receiving this mail because:
You are on the CC list for the bug.
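The bug above is a locale prefix that is spliced into a resource path without validation. The following is an added illustration, not Mojarra's code: a vulnerable concatenation beside a validator that only accepts a well-formed, application-configured locale and refuses anything percent-encoded. The configured locale set, the `/resources/` root and the function names are assumptions for the example.

```python
# Added illustration, not Mojarra's code: validating a caller-supplied locale
# prefix before it is used to build a resource path.
import posixpath
import re
from urllib.parse import unquote

# Assumed application configuration: the locales the app actually ships.
# (Mojarra takes its locale list from faces-config.xml; this set is constructed.)
CONFIGURED_LOCALES = {"en", "en_US", "de", "fr_CA"}

# language[_COUNTRY[_variant]] in the form Java's Locale.toString() produces.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(?:_[A-Z]{2}(?:_[A-Za-z0-9]{1,8})?)?$")


def naive_resource_path(loc, resource_name):
    """Vulnerable pattern: the locale prefix becomes a path segment unchecked."""
    return posixpath.normpath(f"/resources/{loc}/{resource_name}")


def safe_locale_prefix(loc, configured=CONFIGURED_LOCALES):
    """Return loc only if it is a syntactically valid, configured locale."""
    if not loc:
        return None
    # Decode twice so %2e%2e and %252e%252e are judged on what they resolve to,
    # then refuse anything that was encoded at all: a locale name never needs it.
    if unquote(unquote(loc)) != loc:
        return None
    if not LOCALE_RE.match(loc):
        return None
    if loc not in configured:
        return None
    return loc


def safe_resource_path(loc, resource_name):
    """Build the path with a validated prefix and keep it under /resources/."""
    prefix = safe_locale_prefix(loc)
    if prefix is None:
        return None
    path = posixpath.normpath(f"/resources/{prefix}/{resource_name}")
    # resource_name is a separate input; the normalised result must stay inside.
    if not path.startswith("/resources/"):
        return None
    return path
```

The allow-list check against configured locales is what closes the gap: a pattern check alone would still let an attacker probe any directory whose name happens to look like a locale.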
[Bug 1798509] New: CVE-2019-20445 netty: HttpObjectDecoder.java allows a Content-Length header to be accompanied by a second Content-Length header
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1798509
Bug ID: 1798509
Summary: CVE-2019-20445 netty: HttpObjectDecoder.java allows a Content-Length header to be accompanied by a second Content-Length header
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, btotty(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
darran.lofthouse(a)redhat.com, decathorpe(a)gmail.com,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, ganandan(a)redhat.com,
ggaughan(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jerboaa(a)gmail.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jross(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lgao(a)redhat.com,
loleary(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com,
mmccune(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgallagh(a)redhat.com,
pjindal(a)redhat.com, pmackay(a)redhat.com,
psotirop(a)redhat.com, rchan(a)redhat.com,
rguimara(a)redhat.com, rjerrido(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sdaley(a)redhat.com, smaestri(a)redhat.com,
sochotni(a)redhat.com, sokeeffe(a)redhat.com,
spinder(a)redhat.com, sponnaga(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
sthorger(a)redhat.com, tbrisker(a)redhat.com,
theute(a)redhat.com, tom.jenkinson(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in HttpObjectDecoder.java in Netty before 4.1.44 that
allows a Content-Length header to be accompanied by a second Content-Length
header, or by a Transfer-Encoding header.
Reference:
https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44....
https://github.com/netty/netty/issues/9861
https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c879...
https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b1079...
https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e...
https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd3326...
https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df8...
https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f...
https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535...
https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8...
https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755...
https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4...
https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae2629...
https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c...
https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd2...
https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa8482090...
[Bug 1800617] New: CVE-2020-5397 springframework: CSRF attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1800617
Bug ID: 1800617
Summary: CVE-2020-5397 springframework: CSRF attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, chazlett(a)redhat.com,
dblechte(a)redhat.com, dfediuck(a)redhat.com,
dingyichen(a)gmail.com, drieden(a)redhat.com,
eedri(a)redhat.com, esammons(a)redhat.com,
etirelli(a)redhat.com, extras-orphan(a)fedoraproject.org,
ggaughan(a)redhat.com, gvarsami(a)redhat.com,
hvyas(a)redhat.com, ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jochrist(a)redhat.com,
jolee(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lef(a)fedoraproject.org,
mcressma(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mnovotny(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pjindal(a)redhat.com, puebele(a)redhat.com,
puntogil(a)libero.it, rrajasek(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
sbonazzo(a)redhat.com, sdaley(a)redhat.com,
sherold(a)redhat.com, sisharma(a)redhat.com,
tcunning(a)redhat.com, tkirby(a)redhat.com,
vbellur(a)redhat.com, vhalbert(a)redhat.com,
yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
Spring Framework versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks
through CORS preflight requests that target Spring MVC (spring-webmvc module)
or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated
endpoints are vulnerable because preflight requests should not include
credentials and therefore requests should fail authentication. However a
notable exception to this are Chrome based browsers when using client
certificates for authentication since Chrome sends TLS client certificates in
CORS preflight requests in violation of spec requirements. No HTTP body can be
sent or received as a result of this attack.
Reference:
https://pivotal.io/security/cve-2020-5397
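The advisory above describes a preflight that reaches an endpoint and triggers its side effect even though the browser sends it without credentials and never hands the response to the page. The following added illustration of that flaw class is not Spring's code and does not reproduce its handler mappings: a toy dispatcher that forwards preflights to the handler beside one that answers them in the CORS layer. The endpoint, the `Store` state and the allowed-origin list are assumptions for the example.

```python
# Added illustration of the CVE-2020-5397 flaw class; not Spring's code.
# A CORS preflight is an OPTIONS request carrying Origin and
# Access-Control-Request-Method. Browsers send it without credentials and
# never expose its response body to the page that caused it.

ALLOWED_ORIGINS = {"https://app.example"}  # assumed CORS configuration


def is_preflight(req):
    """True for an OPTIONS request that carries the two preflight headers."""
    h = req["headers"]
    return (req["method"] == "OPTIONS"
            and "Origin" in h
            and "Access-Control-Request-Method" in h)


class Store:
    """Hypothetical server-side state that an endpoint mutates."""
    def __init__(self):
        self.deleted = 0


def delete_everything(req, store):
    """Hypothetical endpoint bound without a method restriction."""
    store.deleted += 1
    return 200, ""


def vulnerable_dispatch(req, handler, store):
    # The preflight is routed like any other request and reaches the handler.
    # No body is exchanged with the attacker's page, but the side effect has
    # already happened: that is the CSRF.
    return handler(req, store)


def hardened_dispatch(req, handler, store):
    # Preflights are answered by the CORS layer and are never dispatched,
    # whether or not the origin is allowed.
    if is_preflight(req):
        if req["headers"]["Origin"] in ALLOWED_ORIGINS:
            return 200, ""  # Access-Control-Allow-* headers would go here
        return 403, ""
    return handler(req, store)


def preflight_from(origin, method="DELETE"):
    """Constructed preflight, as a browser would send it from a page at origin."""
    return {"method": "OPTIONS",
            "headers": {"Origin": origin,
                        "Access-Control-Request-Method": method}}
```

Relying on authentication to reject the preflight is what the advisory's Chrome caveat undercuts: with TLS client certificates the preflight can arrive authenticated. Not dispatching preflights to handlers at all is the fix that does not depend on that.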
[Bug 1709379] New: CVE-2018-20200 okhttp: certificate pinning bypass
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1709379
Bug ID: 1709379
Summary: CVE-2018-20200 okhttp: certificate pinning bypass
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190419,reported=20190419,source=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-300,fedora-all/okhttp=affected,openshift-enterprise-3/okhttp=new,fuse-7/okhttp=new,rhpam-7/okhttp=new,rhdm-7/okhttp=new,springboot-1/okhttp=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: msiddiqu(a)redhat.com
CC: ahardin(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
avibelli(a)redhat.com, bgeorges(a)redhat.com,
bleanhar(a)redhat.com, ccoleman(a)redhat.com,
chazlett(a)redhat.com, cmoulliard(a)redhat.com,
dedgar(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, gerard(a)ryan.lt, ibek(a)redhat.com,
ikanello(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jbalunas(a)redhat.com, jgoulding(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jpallich(a)redhat.com, jshepherd(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
lpetrovi(a)redhat.com, lthon(a)redhat.com,
mchappel(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, mszynkie(a)redhat.com,
paradhya(a)redhat.com, pgallagh(a)redhat.com,
puntogil(a)libero.it, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsynek(a)redhat.com,
sdaley(a)redhat.com, trogers(a)redhat.com
Target Milestone: ---
Classification: Other
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle
attackers to bypass certificate pinning by changing SSLContext and the boolean
values while hooking the application.
Upstream issue:
https://github.com/square/okhttp/issues/4967
References:
https://cxsecurity.com/issue/WLB-2018120252
https://github.com/square/okhttp/commits/master
https://github.com/square/okhttp/releases
https://square.github.io/okhttp/3.x/okhttp/
[Bug 1798524] New: CVE-2019-20444 netty: HTTP request smuggling
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1798524
Bug ID: 1798524
Summary: CVE-2019-20444 netty: HTTP request smuggling
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, btotty(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
darran.lofthouse(a)redhat.com, decathorpe(a)gmail.com,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, ganandan(a)redhat.com,
ggaughan(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jerboaa(a)gmail.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jross(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lgao(a)redhat.com,
loleary(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com,
mmccune(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgallagh(a)redhat.com,
pjindal(a)redhat.com, pmackay(a)redhat.com,
psotirop(a)redhat.com, rchan(a)redhat.com,
rguimara(a)redhat.com, rjerrido(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sdaley(a)redhat.com, smaestri(a)redhat.com,
sochotni(a)redhat.com, sokeeffe(a)redhat.com,
spinder(a)redhat.com, sponnaga(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
sthorger(a)redhat.com, tbrisker(a)redhat.com,
theute(a)redhat.com, tom.jenkinson(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in HttpObjectDecoder.java in Netty before 4.1.44 that
allows an HTTP header that lacks a colon, which might be interpreted as a
separate header with an incorrect syntax, or might be interpreted as an
"invalid fold."
Reference:
https://github.com/netty/netty/issues/9866
https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44....
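Both Netty reports on this page (CVE-2019-20445, the duplicate or conflicting framing headers, and CVE-2019-20444, the colon-less header line and "invalid fold") are request-smuggling primitives: two parsers in the chain frame the same bytes differently. The following added illustration, not Netty's code, is a strict parser for an HTTP/1.1 request head that refuses every one of those inputs instead of guessing. The sample requests are constructed for the example.

```python
# Added illustration, not Netty's code: strict parsing of an HTTP/1.1 request
# head that rejects ambiguous framing rather than picking an interpretation.
import re


class HeaderError(ValueError):
    """Raised for any request head that two parsers could frame differently."""


_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 7230 token


def parse_request_head(raw: bytes) -> dict:
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HeaderError("incomplete request head")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except ValueError:
        raise HeaderError("malformed request line") from None

    headers = {}
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # obs-fold: one parser glues this onto the previous value, another
            # sees a new (broken) header. Refuse it.
            raise HeaderError(f"obsolete line folding: {line!r}")
        name, colon, value = line.partition(b":")
        if not colon:
            raise HeaderError(f"header line without colon: {line!r}")
        name_s = name.decode("latin-1")
        if not _TOKEN.match(name_s):
            # Covers an empty name and whitespace before the colon.
            raise HeaderError(f"invalid header name: {name!r}")
        headers.setdefault(name_s.lower(), []).append(
            value.decode("latin-1").strip())

    cl = headers.get("content-length", [])
    te = headers.get("transfer-encoding", [])
    if cl and te:
        raise HeaderError("Content-Length together with Transfer-Encoding")
    if len(set(cl)) > 1:
        # RFC 7230 3.3.3 tolerates identical repeats; differing values are fatal.
        raise HeaderError(f"conflicting Content-Length values: {cl}")
    if cl and not cl[0].isdigit():
        raise HeaderError(f"non-numeric Content-Length: {cl[0]!r}")
    return {
        "method": method, "target": target, "version": version,
        "headers": headers,
        "content_length": int(cl[0]) if cl else None,
        "chunked": bool(te) and te[-1].lower().endswith("chunked"),
    }


def is_ambiguous(raw: bytes) -> bool:
    """True if the strict parser refuses the request head."""
    try:
        parse_request_head(raw)
    except HeaderError:
        return True
    return False


# Constructed sample requests.
CLEAN = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 5\r\n\r\nhello")
DUP_CL = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 5\r\nContent-Length: 11\r\n\r\nhello")
CL_TE = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
         b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
NO_COLON = b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Injected junk\r\n\r\n"
FOLDED = b"GET / HTTP/1.1\r\nHost: app.example\r\nX-A: 1\r\n smuggled: 2\r\n\r\n"
```

The useful property for a front end or proxy is that `is_ambiguous` returns True for exactly the requests where a lenient downstream parser might disagree with it, so rejecting those up front (or alerting on them) removes the desync a smuggling attack needs.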
[Bug 1790847] New: CVE-2019-20352 nasm: heap-based buffer over-read in set_text_free when called from expand_one_smacro in asm/preproc.c [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1790847
Bug ID: 1790847
Summary: CVE-2019-20352 nasm: heap-based buffer over-read in set_text_free when called from expand_one_smacro in asm/preproc.c [fedora-all]
Product: Fedora
Version: 31
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: i.gnatenko.brain(a)gmail.com
Reporter: mrehak(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net, fdc(a)fcami.net,
i.gnatenko.brain(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, pbonzini(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.