Back to bug 1305937

Who When What Removed Added
Adam Mariš 2016-02-09 16:16:04 UTC CC security-response-team
Red Hat Bugzilla 2016-02-09 16:16:04 UTC Doc Type --- Bug Fix
Adam Mariš 2016-02-09 16:24:23 UTC Blocks 1305944
Jason Shepherd 2016-02-10 02:09:43 UTC CC jshepherd
Jason Shepherd 2016-02-10 22:55:42 UTC Whiteboard
  Removed: impact=moderate,public=no,reported=20160209,source=researcher,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-184,jboss/wildfly=affected,fedora-all/wildfly=affected
  Added: impact=moderate,public=20160211,reported=20160209,source=researcher,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-184,jboss/wildfly=affected,fedora-all/wildfly=affected
Jason Shepherd 2016-02-10 22:55:44 UTC Summary
  Removed: EMBARGOED wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
  Added: wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Jason Shepherd 2016-02-10 22:55:46 UTC Group security, qe_staff
Jason Shepherd 2016-02-10 22:56:09 UTC Depends On 1306470
Adam Mariš 2016-02-11 10:57:47 UTC Summary
  Removed: wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
  Added: CVE-2016-0793 wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Alias CVE-2016-0793
Jason Shepherd 2016-02-12 05:33:09 UTC Doc Text A flaw was found in the blacklisting of URLs in Wildfly that could lead to the exposure of sensitive files to a remote user. Only Wildfly application servers running on Windows operating systems are affected.
Summer Long 2016-02-12 05:43:24 UTC CC slong
Doc Text
  Removed: A flaw was found in the blacklisting of URLs in Wildfly that could lead to the exposure of sensitive files to a remote user. Only Wildfly application servers running on Windows operating systems are affected.
  Added: An incomplete-blacklist flaw was found in the blacklisting of URLs in Wildfly. A remote, unauthenticated user could exploit this flaw to expose sensitive files. Only Wildfly application servers running on Windows operating systems are affected; no versions of JBoss EAP or Red Hat layered products are affected.
Summer Long 2016-02-12 05:45:15 UTC Doc Text
  Removed: An incomplete-blacklist flaw was found in the blacklisting of URLs in Wildfly. A remote, unauthenticated user could exploit this flaw to expose sensitive files. Only Wildfly application servers running on Windows operating systems are affected; no versions of JBoss EAP or Red Hat layered products are affected.
  Added: An incomplete-blacklist flaw was found in the blacklisting of URLs in Wildfly. A remote, unauthenticated user could exploit this flaw to expose sensitive files. Only Wildfly application servers running on Windows operating systems are affected; no versions of JBoss EAP or layered products are affected.
Summer Long 2016-02-12 05:46:59 UTC Doc Text
  Removed: An incomplete-blacklist flaw was found in the blacklisting of URLs in Wildfly. A remote, unauthenticated user could exploit this flaw to expose sensitive files. Only Wildfly application servers running on Windows operating systems are affected; no versions of JBoss EAP or layered products are affected.
  Added: An incomplete-blacklist flaw was found in the blacklisting of URLs in Wildfly. A remote, unauthenticated user could exploit this flaw to expose sensitive files.
Andrea Scarpino 2017-06-06 14:25:21 UTC CC voora
CC me
Bharti Kundal 2017-06-06 15:17:12 UTC CC bkundal
PnT Account Manager 2018-10-19 21:37:00 UTC CC bkundal
Product Security DevOps Team 2019-09-29 13:44:17 UTC Whiteboard impact=moderate,public=20160211,reported=20160209,source=researcher,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-184,jboss/wildfly=affected,fedora-all/wildfly=affected
Ondrej Soukup 2021-06-01 14:55:57 UTC CC osoukup
Joshua Padman 2021-10-21 00:49:54 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2021-10-21 00:49:54 UTC
