Back to bug 1311082
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-02-23 11:02:44 UTC | Summary | 2016-0714 tomcat: Security Manager bypass via persistence mechanisms | CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms |
| Alias | 2016-0714 | CVE-2016-0714 | ||
| Andrej Nemec | 2016-02-23 11:27:13 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,jbews-2.1.0/tomcat7=affected,jbews-3.0.0/tomcat7=affected,jbews-3.0.0/tomcat8=affected,rhel-6/tomcat6=affected,jbews-1.0.2/tomcat6=affected,jbews-2.1.0/tomcat6=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Andrej Nemec | 2016-02-23 12:09:21 UTC | Depends On | 1311095 | |
| Andrej Nemec | 2016-02-23 12:10:12 UTC | Depends On | 1311102 | |
| Andrej Nemec | 2016-02-23 12:15:18 UTC | Blocks | 1311109 | |
| Muhammad Azhar Shaikh | 2016-02-27 05:58:56 UTC | CC | mdshaikh | |
| Timothy Walsh | 2016-03-09 09:58:05 UTC | Depends On | 1316035 | |
| Timothy Walsh | 2016-03-09 09:58:15 UTC | Depends On | 1316036 | |
| Timothy Walsh | 2016-03-31 10:48:07 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-03-31 11:05:23 UTC | Depends On | 1322797 | |
| Timothy Walsh | 2016-03-31 11:05:30 UTC | Depends On | 1322798 | |
| Timothy Walsh | 2016-04-26 11:12:21 UTC | Doc Text | The session-persistence allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | |
| Martin Prpič | 2016-05-06 09:31:09 UTC | Doc Text | The session-persistence allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. |
| Timothy Walsh | 2016-05-26 11:55:31 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=notabug,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-05-26 12:00:46 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=notabug,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Yasuhiro Ozone | 2016-06-09 05:27:35 UTC | CC | yozone | |
| Timothy Walsh | 2016-06-16 06:50:48 UTC | Depends On | 1347141 | |
| Timothy Walsh | 2016-06-16 06:50:51 UTC | Depends On | 1347142 | |
| Timothy Walsh | 2016-06-17 13:26:00 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected |
| Pavel Polischouk | 2016-06-17 21:40:05 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected |
| Coty Sutherland | 2016-07-01 11:58:33 UTC | Depends On | 1352009 | |
| Xixi | 2016-08-08 21:43:57 UTC | CC | xdmoon | |
| Timothy Walsh | 2016-08-15 11:58:03 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-08-15 12:05:43 UTC | Depends On | 1367058 | |
| Timothy Walsh | 2016-08-15 12:05:47 UTC | Depends On | 1367059 | |
| Timothy Walsh | 2016-10-05 11:53:39 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-10-05 11:55:09 UTC | Depends On | 1381941 | |
| Timothy Walsh | 2016-10-06 13:46:21 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-10-07 06:40:09 UTC | Blocks | 1382592 | |
| Timothy Walsh | 2017-03-08 07:37:21 UTC | Blocks | 1318206 | |
| PnT Account Manager | 2018-03-19 01:01:20 UTC | CC | xdmoon | |
| PnT Account Manager | 2018-08-27 21:29:55 UTC | CC | mdshaikh | |
| Product Security DevOps Team | 2019-06-08 02:48:35 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:48:35 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=moderate,public=20160222,reported=20160222,source=bugtraq,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-290,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
Back to bug 1311082