Back to bug 1311076
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-02-23 11:21:15 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,jbews-2.1.0/tomcat7=affected,jbews-3.0.0/tomcat7=affected,jbews-3.0.0/tomcat8=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Andrej Nemec | 2016-02-23 11:24:49 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected |
| Andrej Nemec | 2016-02-23 12:09:21 UTC | Depends On | 1311095 | |
| Andrej Nemec | 2016-02-23 12:10:12 UTC | Depends On | 1311102 | |
| Andrej Nemec | 2016-02-23 12:15:11 UTC | Blocks | 1311109 | |
| Muhammad Azhar Shaikh | 2016-02-27 05:59:21 UTC | CC | mdshaikh | |
| Timothy Walsh | 2016-03-09 09:48:45 UTC | Depends On | 1316027 | |
| Timothy Walsh | 2016-03-09 09:48:55 UTC | Depends On | 1316028 | |
| Timothy Walsh | 2016-03-29 06:25:07 UTC | Depends On | 1321767 | |
| Timothy Walsh | 2016-03-29 06:25:13 UTC | Depends On | 1321768 | |
| Timothy Walsh | 2016-03-29 06:25:21 UTC | Depends On | 1321769 | |
| Timothy Walsh | 2016-03-31 11:54:35 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-04-18 05:42:04 UTC | Doc Text | The index page of the Manager and Host Manager applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. |
|
| Timothy Walsh | 2016-04-18 05:45:29 UTC | Doc Text | The index page of the Manager and Host Manager applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. | A CSRF flaw was found in the index page of the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. |
| Timothy Walsh | 2016-04-22 05:21:00 UTC | Doc Text | A CSRF flaw was found in the index page of the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. | A CSRF flaw was found in Tomcat in the index page of the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. |
| Martin Prpič | 2016-05-06 09:17:18 UTC | Doc Text | A CSRF flaw was found in Tomcat in the index page of the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to construct a CSRF attack. | A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. |
| Timothy Walsh | 2016-05-26 11:57:13 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=notabug,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-05-26 12:01:57 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=notabug,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected |
| Yasuhiro Ozone | 2016-06-09 05:35:56 UTC | CC | yozone | |
| Timothy Walsh | 2016-06-16 06:46:55 UTC | Depends On | 1347132 | |
| Timothy Walsh | 2016-06-16 06:46:58 UTC | Depends On | 1347133 | |
| Pavel Polischouk | 2016-06-17 21:39:40 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected |
| Coty Sutherland | 2016-07-01 11:58:33 UTC | Depends On | 1352009 | |
| Timothy Walsh | 2016-07-25 13:11:37 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=notaffected,rhel-7/tomcat=affected |
| Hanns-Joachim Uhl | 2016-08-03 08:19:50 UTC | CC | hannsj_uhl | |
| Timothy Walsh | 2016-10-05 12:01:08 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=notaffected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=notaffected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-10-05 12:03:02 UTC | Depends On | 1381944 | |
| Timothy Walsh | 2016-10-07 06:40:28 UTC | Blocks | 1382592 | |
| Timothy Walsh | 2016-11-16 05:12:49 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=notaffected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=notaffected,rhel-7/tomcat=affected |
| Timothy Walsh | 2017-03-08 07:37:21 UTC | Blocks | 1318206 | |
| PnT Account Manager | 2018-08-27 21:29:52 UTC | CC | mdshaikh | |
| Product Security DevOps Team | 2019-06-08 02:48:33 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:48:33 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=4.4/AV:L/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-352,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=notaffected,rhel-7/tomcat=affected |
Back to bug 1311076