Back to bug 1308465

Who When What Removed Added
Adam Mariš 2016-02-15 09:51:09 UTC CC security-response-team
Red Hat Bugzilla 2016-02-15 09:51:09 UTC Doc Type --- Bug Fix
Adam Mariš 2016-02-15 09:52:46 UTC Blocks 1308466
Tomas Hoger 2016-02-15 09:57:29 UTC Summary EMBARGOED HTTPS NIO connector uses no timeout when reading SSL handshake from client EMBARGOED EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
Jason Shepherd 2016-02-16 22:56:04 UTC Whiteboard impact=moderate,public=no,reported=20160212,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-6/Web=affected impact=moderate,public=20160217,reported=20160212,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-6/Web=affected
Jason Shepherd 2016-02-16 22:56:09 UTC Summary EMBARGOED EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
Jason Shepherd 2016-02-16 22:56:15 UTC Group security, qe_staff
Jason Shepherd 2016-02-16 23:01:15 UTC CC jshepherd
Depends On 1307039
Adam Mariš 2016-02-18 08:41:00 UTC Summary EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client CVE-2016-2094 EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
Alias CVE-2016-2094
Adam Mariš 2016-02-18 08:56:25 UTC Comment 2 is private 1 0
Timothy Walsh 2016-03-30 06:16:56 UTC Doc Text A timeout flaw was found in the HTTPS NIO Connector when reading a SSL handshake. An attacker could create socket and causes a thread to remain occupied indefinitely so long as the socket remains open.
Timothy Walsh 2016-03-30 06:17:47 UTC Doc Text A timeout flaw was found in the HTTPS NIO Connector when reading a SSL handshake. An attacker could create socket and causes a thread to remain occupied indefinitely so long as the socket remains open. A timeout flaw was found in the HTTPS NIO Connector when reading a SSL handshake. An attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remains open.
Timothy Walsh 2016-03-30 06:25:25 UTC Whiteboard impact=moderate,public=20160217,reported=20160212,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,eap-6/Web=affected impact=moderate,public=20160217,reported=20160212,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-358,eap-6/Web=affected
Summer Long 2016-03-31 00:41:44 UTC CC slong
Doc Text A timeout flaw was found in the HTTPS NIO Connector when reading a SSL handshake. An attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remains open. A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open (denial of service).
Martin Prpič 2016-04-01 12:14:35 UTC Doc Text A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open (denial of service). A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open (denial of service).
Product Security DevOps Team 2019-09-29 13:44:17 UTC Whiteboard impact=moderate,public=20160217,reported=20160212,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cwe=CWE-358,eap-6/Web=affected
PnT Account Manager 2019-11-05 01:06:42 UTC CC psakar
PnT Account Manager 2020-10-16 22:24:34 UTC CC pgier
Ondrej Soukup 2021-06-01 14:51:10 UTC CC osoukup
Joshua Padman 2021-10-21 00:49:44 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2021-10-21 00:49:44 UTC

Back to bug 1308465