Back to bug 1311089
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-02-23 11:09:59 UTC | Fixed In Version | tomcat 6.0.45, tomcat 7.0.68, tomcat 8.0.32 | tomcat 6.0.45, tomcat 7.0.67, tomcat 8.0.30 |
| Andrej Nemec | 2016-02-23 11:28:42 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,jbews-2.1.0/tomcat7=affected,jbews-3.0.0/tomcat7=affected,jbews-3.0.0/tomcat8=affected,rhel-6/tomcat6=affected,jbews-1.0.2/tomcat6=affected,jbews-2.1.0/tomcat6=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Andrej Nemec | 2016-02-23 12:09:21 UTC | Depends On | 1311095 | |
| Andrej Nemec | 2016-02-23 12:10:12 UTC | Depends On | 1311102 | |
| Andrej Nemec | 2016-02-23 12:15:31 UTC | Blocks | 1311109 | |
| Muhammad Azhar Shaikh | 2016-02-27 05:59:47 UTC | CC | mdshaikh | |
| Timothy Walsh | 2016-03-09 08:20:03 UTC | Depends On | 1315991 | |
| Timothy Walsh | 2016-03-09 08:26:21 UTC | Depends On | 1315993 | |
| Timothy Walsh | 2016-03-31 11:27:09 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-03-31 11:28:46 UTC | Depends On | 1322812 | |
| Timothy Walsh | 2016-03-31 11:28:52 UTC | Depends On | 1322813 | |
| Timothy Walsh | 2016-04-18 05:39:56 UTC | Doc Text | A security constraint flaw was found in Tomcat. It was possible for a user to determine if a directory existed or not, even if the user was not permitted to view the directory. The issue also occurred at the root of a web application in which case the presence of the web application was confirmed, even if a user did not have access. | |
| Martin Prpič | 2016-05-06 09:12:05 UTC | Doc Text | A security constraint flaw was found in Tomcat. It was possible for a user to determine if a directory existed or not, even if the user was not permitted to view the directory. The issue also occurred at the root of a web application in which case the presence of the web application was confirmed, even if a user did not have access. | It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. |
| Yasuhiro Ozone | 2016-06-09 05:40:41 UTC | CC | yozone | |
| Timothy Walsh | 2016-06-16 06:48:10 UTC | Depends On | 1347135 | |
| Timothy Walsh | 2016-06-16 06:48:14 UTC | Depends On | 1347136 | |
| Andrej Nemec | 2016-06-16 12:41:41 UTC | Depends On | 1347240 | |
| Timothy Walsh | 2016-06-17 13:30:04 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected |
| Pavel Polischouk | 2016-06-17 21:40:54 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=new,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=new,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected |
| Coty Sutherland | 2016-07-01 11:58:33 UTC | Depends On | 1352009 | |
| Timothy Walsh | 2016-08-15 11:59:52 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=wontfix,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-08-15 12:03:10 UTC | Depends On | 1367054 | |
| Timothy Walsh | 2016-08-15 12:03:14 UTC | Depends On | 1367055 | |
| Timothy Walsh | 2016-08-19 08:14:02 UTC | CC | bprioux | |
| Timothy Walsh | 2016-09-08 13:07:48 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=affected,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-10-05 12:09:45 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=wontfix,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-10-05 12:10:33 UTC | Depends On | 1381948 | |
| Timothy Walsh | 2016-10-06 13:59:45 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected |
| Timothy Walsh | 2016-10-07 06:41:07 UTC | Blocks | 1382592 | |
| Timothy Walsh | 2016-11-16 02:48:42 UTC | Blocks | 1382592 | |
| Timothy Walsh | 2017-03-08 07:37:21 UTC | Blocks | 1318206 | |
| PnT Account Manager | 2018-08-27 21:30:06 UTC | CC | mdshaikh | |
| PnT Account Manager | 2019-05-31 21:56:48 UTC | CC | bprioux | |
| Product Security DevOps Team | 2019-06-08 02:48:42 UTC | Status | NEW | CLOSED |
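| Product Security DevOps Team | 2019-06-08 02:48:42 UTC | Resolution | --- | ERRATA |
| Product Security DevOps Team | 2019-06-08 02:48:42 UTC | Last Closed | 2019-06-08 02:48:42 UTC | |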
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=low,public=20160222,reported=20160222,source=bugtraq,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-552,brms-5/jbossweb=wontfix,eap-4/jbossweb=wontfix,eap-5/jbossweb=wontfix,eap-6/jbossweb=wontfix,epel-6/tomcat=affected,fedora-all/tomcat=new,fsw-6/jbossweb=wontfix,jbews-2/tomcat7=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,jdg-6/jbossweb=affected,jon-3/jbossweb=affected,jpp-6/jbossweb=affected,openshift-1/jbossweb=new,rhel-6/tomcat6=affected,rhel-7/tomcat=affected | |