Back to bug 1045257
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Arun Babu Neelicattu | 2013-12-20 03:17:09 UTC | CC | asantos, bdawidow, brms-jira, epp-bugs, fnasser, hfnukal, huwang, jason.greene, jbpapp-maint, jpallich, lgao, myarboro, pcheung, rhq-maint, soa-p-jira, spinder, theute, tkirby, weli | |
| Arun Babu Neelicattu | 2013-12-20 04:02:52 UTC | Summary | CVE-2013-4517 Apache XML Security for Java: Java XML Signature DoS Attack | CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack |
| Arun Babu Neelicattu | 2013-12-20 04:04:50 UTC | Blocks | 1045272 | |
| Arun Babu Neelicattu | 2013-12-20 04:08:29 UTC | Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected |
| Arun Babu Neelicattu | 2013-12-20 04:19:49 UTC | Depends On | 1045275 | |
| Arun Babu Neelicattu | 2013-12-20 04:20:14 UTC | Depends On | 1045276 | |
| Arun Babu Neelicattu | 2013-12-20 04:20:56 UTC | Depends On | 1045277 | |
| Arun Babu Neelicattu | 2013-12-20 04:21:22 UTC | Depends On | 1045278 | |
| Arun Babu Neelicattu | 2013-12-20 04:21:40 UTC | Depends On | 1045279 | |
| Arun Babu Neelicattu | 2013-12-20 04:25:17 UTC | Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=wontfix,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected |
| Arun Babu Neelicattu | 2013-12-20 04:58:40 UTC | Depends On | 1045287 | |
| Arun Babu Neelicattu | 2013-12-20 04:59:00 UTC | Depends On | 1045288 | |
| David Jorm | 2014-01-08 06:50:11 UTC | Blocks | 1049751 | |
| David Jorm | 2014-01-15 14:15:48 UTC | Blocks | 1050810 | |
| David Jorm | 2014-01-21 04:28:28 UTC | Blocks | 1055846 | |
| Chess Hazlett | 2014-01-28 20:05:16 UTC | Blocks | 1058944 | |
| Chess Hazlett | 2014-01-30 21:59:29 UTC | CC | chazlett | |
| David Jorm | 2014-03-20 05:08:27 UTC | CC | djorm | |
| Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=wontfix,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected | ||
| Arun Babu Neelicattu | 2014-04-22 03:25:08 UTC | Blocks | 1089812 | |
| Chess Hazlett | 2014-04-25 17:44:30 UTC | Blocks | 1087103 | |
| David Jorm | 2014-04-30 11:09:53 UTC | Blocks | 1058944 | |
| Chess Hazlett | 2014-05-02 20:15:48 UTC | Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=affected,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected |
| Pavel Polischouk | 2014-05-29 01:03:27 UTC | Blocks | 1102439 | |
| Arun Babu Neelicattu | 2014-10-09 03:39:11 UTC | Blocks | 1150823 | |
| John Skeoch | 2014-10-21 00:09:28 UTC | CC | djorm | mjc |
| Arun Babu Neelicattu | 2014-10-28 08:41:08 UTC | Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected,fedora-all/xml-security=affected |
| Arun Babu Neelicattu | 2014-10-28 08:41:34 UTC | CC | aneelica, cdewolf, dandread, darran.lofthouse, jason.greene, jawilson, kkhan, mweiler, pavelp, pgier, pslavice, puntogil, rsvoboda, vtunka | |
| Arun Babu Neelicattu | 2014-10-28 08:42:16 UTC | Depends On | 1157992 | |
| Arun Babu Neelicattu | 2014-10-28 08:43:47 UTC | Fixed In Version | xml-security 1.5.6 | |
| Arun Babu Neelicattu | 2014-10-28 08:45:17 UTC | Blocks | 1049751 | |
| Chess Hazlett | 2014-10-28 22:14:35 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2014-10-28 18:14:35 UTC | |||
| Martin Prpič | 2014-10-29 12:28:29 UTC | Doc Text | It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. | |
| Ján Rusnačko | 2014-10-29 12:30:24 UTC | CC | jrusnack | |
| Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected,fedora-all/xml-security=affected | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected,fedora-all/xml-security=affected,cwe=CWE-400 | ||
| Pavel Polischouk | 2014-11-07 03:56:12 UTC | Status | CLOSED | NEW |
| Resolution | ERRATA | --- | ||
| Keywords | Reopened | |||
| Pavel Polischouk | 2014-11-07 04:04:46 UTC | Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected,fedora-all/xml-security=affected,cwe=CWE-400 | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-400,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,jdg-6/xmlsec=notaffected,jboss/fuse-6=notaffected,fsw-6/xmlsec=affected,jdv-6/xmlsec=affected,brms-6/xmlsec=affected,bpms-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected,fedora-all/xml-security=affected |
| Pavel Polischouk | 2014-11-07 04:05:41 UTC | CC | jcoleman, jdg-bugs, kconner, rzhang, ttarrant | |
| Pavel Polischouk | 2014-11-07 04:08:58 UTC | Depends On | 1161380 | |
| Pavel Polischouk | 2014-11-07 04:09:04 UTC | Depends On | 1161381 | |
| Pavel Polischouk | 2014-11-07 04:09:09 UTC | Depends On | 1161382 | |
| Pavel Polischouk | 2014-11-07 04:09:13 UTC | Depends On | 1161384 | |
| Pavel Polischouk | 2014-11-07 04:09:17 UTC | Depends On | 1161385 | |
| Pavel Polischouk | 2014-11-07 04:09:22 UTC | Depends On | 1161386 | |
| Pavel Polischouk | 2014-11-07 04:09:27 UTC | Depends On | 1161387 | |
| Pavel Polischouk | 2014-11-07 04:09:33 UTC | Depends On | 1161388 | |
| Pavel Polischouk | 2014-11-07 04:09:39 UTC | Depends On | 1161389 | |
| Pavel Polischouk | 2014-11-07 04:09:43 UTC | Depends On | 1161390 | |
| Pavel Polischouk | 2014-11-07 04:09:49 UTC | Depends On | 1161391 | |
| Pavel Polischouk | 2014-11-07 04:09:54 UTC | Depends On | 1161392 | |
| Pavel Polischouk | 2014-11-07 04:19:27 UTC | Depends On | 1161395 | |
| Salvatore Bonaccorso | 2014-11-07 05:28:02 UTC | CC | carnil | |
| Salvatore Bonaccorso | 2014-11-07 05:28:19 UTC | CC | carnil | |
| gil cattaneo | 2014-12-04 01:26:23 UTC | CC | puntogil | |
| John Skeoch | 2015-02-06 01:19:55 UTC | CC | asantos | kejohnso |
| John Skeoch | 2015-02-15 21:56:03 UTC | CC | grocha | |
| John Skeoch | 2015-02-15 21:58:43 UTC | CC | aneelica | |
| Pavel Polischouk | 2015-03-10 00:14:27 UTC | Blocks | 1200191 | |
| Pavel Polischouk | 2015-04-09 20:15:42 UTC | Blocks | 1210482 | |
| Pavel Polischouk | 2015-05-01 20:14:38 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2014-10-28 18:14:35 UTC | 2015-05-01 16:14:38 UTC | ||
| Product Security DevOps Team | 2019-09-29 13:11:26 UTC | Whiteboard | impact=moderate,public=20131101,reported=20131220,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-400,eap-4/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,epp-4/xmlsec=wontfix,jpp-6/xmlsec=affected,jdg-6/xmlsec=notaffected,jboss/fuse-6=notaffected,fsw-6/xmlsec=affected,jdv-6/xmlsec=affected,brms-6/xmlsec=affected,bpms-6/xmlsec=affected,soap-4.3/xmlsec=wontfix,soap-5/xmlsec=affected,jboss/fuse-services-framework=wontfix,jboss/apache-esb=wontfix,jboss/fuse-ent-esb-7.1.0=wontfix,brms-5/xmlsec=wontfix,jon-3/xmlsec=affected,jboss/eds=wontfix,jboss/ewp-5=affected,fedora-all/xml-security=affected |
Back to bug 1045257