Back to bug 1300443
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chess Hazlett | 2016-01-20 20:35:17 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-20 20:35:17 UTC | Doc Type | --- | Bug Fix |
| Chess Hazlett | 2016-01-20 20:35:22 UTC | Blocks | 1300436 | |
| Chess Hazlett | 2016-01-20 20:56:10 UTC | Whiteboard | impact=low,public=no,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,jdg-6/hotrod-client=new | impact=moderate,public=no,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,jdg-6/hotrod-client=new |
| Chess Hazlett | 2016-01-20 20:56:12 UTC | Severity | low | medium |
| Chess Hazlett | 2016-01-20 20:56:14 UTC | Priority | low | medium |
| Chess Hazlett | 2016-01-21 03:40:53 UTC | Alias | CVE-2016-0750 | |
| Chess Hazlett | 2016-01-21 03:40:55 UTC | Summary | EMBARGOED hotrod client: unchecked deserialization in marshaller util | EMBARGOED CVE-2016-0750 hotrod client: unchecked deserialization in marshaller util |
| Chess Hazlett | 2017-06-15 20:30:00 UTC | Whiteboard | impact=moderate,public=no,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,jdg-6/hotrod-client=new | impact=moderate,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,jdg-6/hotrod-client=new |
| Chess Hazlett | 2017-11-07 20:38:17 UTC | Fixed In Version | Infinispan 9.1.0.Final | |
| | | Doc Text | The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. | |
| Chess Hazlett | 2017-11-07 20:47:55 UTC | Whiteboard | impact=moderate,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,jdg-6/hotrod-client=new | impact=moderate,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new |
| Eric Christensen | 2017-11-08 14:09:27 UTC | Whiteboard | impact=moderate,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new | impact=moderate,reported=20150104,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new |
| Chess Hazlett | 2017-11-08 19:39:16 UTC | Blocks | 1507638 | |
| Chess Hazlett | 2017-11-16 18:11:29 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2016-0750 hotrod client: unchecked deserialization in marshaller util | CVE-2016-0750 hotrod client: unchecked deserialization in marshaller util |
| | | Whiteboard | impact=moderate,reported=20150104,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new | impact=moderate,public=20171116:1811,reported=20150103,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new |
| Chess Hazlett | 2017-11-30 20:46:59 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Whiteboard | impact=moderate,public=20171116:1811,reported=20150103,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new | impact=moderate,public=20171116:1811,reported=20150102,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new |
| | | Last Closed | 2017-11-30 15:46:59 UTC | |
| Viliam Križan | 2018-02-12 10:24:51 UTC | Whiteboard | impact=moderate,public=20171116:1811,reported=20150102,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new | impact=moderate,public=20171116:1811,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new |
| Chess Hazlett | 2018-03-02 15:29:13 UTC | Status | CLOSED | NEW |
| | | Resolution | ERRATA | --- |
| | | Keywords | Reopened | |
| Chess Hazlett | 2018-03-02 15:32:56 UTC | Status | NEW | MODIFIED |
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=moderate,public=20171116:1811,reported=20150105,source=researcher,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-138,jdg-6/hotrod-client=new | |
| Red Hat Bugzilla | 2023-07-07 08:28:54 UTC | Assignee | security-response-team | nobody |
| | | CC | security-response-team | |