Back to bug 1321789
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-03-29 07:30:06 UTC | Depends On | 1321791 | |
| Andrej Nemec | 2016-03-29 07:30:14 UTC | Depends On | 1321792 | |
| Andrej Nemec | 2016-03-29 07:32:02 UTC | Whiteboard | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=affected,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/xstream=affected | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=affected,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Andrej Nemec | 2016-03-29 07:33:25 UTC | Blocks | 1321793 | |
| Pavel Polischouk | 2016-03-30 00:08:57 UTC | Whiteboard | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=affected,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Pavel Polischouk | 2016-03-30 00:11:12 UTC | Depends On | 1322169 | |
| Pavel Polischouk | 2016-03-30 00:11:19 UTC | Depends On | 1322170 | |
| Pavel Polischouk | 2016-03-30 00:11:27 UTC | Depends On | 1322171 | |
| Pavel Polischouk | 2016-03-30 00:11:35 UTC | Depends On | 1322172 | |
| Pavel Polischouk | 2016-03-30 00:11:42 UTC | Depends On | 1322173 | |
| Pavel Polischouk | 2016-03-30 00:11:48 UTC | Depends On | 1322174 | |
| Pavel Polischouk | 2016-03-30 00:11:55 UTC | Depends On | 1322175 | |
| Pavel Polischouk | 2016-03-30 00:12:44 UTC | Depends On | 1322177 | |
| Pavel Polischouk | 2016-04-01 21:38:54 UTC | Whiteboard | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Pavel Polischouk | 2016-04-01 22:32:30 UTC | Whiteboard | impact=important,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Pavel Polischouk | 2016-04-01 22:32:50 UTC | Severity | high | medium |
| Pavel Polischouk | 2016-04-01 22:33:08 UTC | Priority | high | medium |
| Pavel Polischouk | 2016-04-01 22:34:56 UTC | Whiteboard | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-348,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Pavel Polischouk | 2016-04-01 22:36:07 UTC | Whiteboard | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Pavel Polischouk | 2016-04-01 22:43:17 UTC | Whiteboard | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=affected,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=wontfix,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Ant Stephenson | 2016-04-04 08:47:28 UTC | CC | anstephe | |
| John Skeoch | 2016-04-18 07:26:55 UTC | CC | yeylon | srevivo |
| Mikolaj Izdebski | 2016-05-13 07:52:44 UTC | Depends On | 1335765 | |
| Pavel Polischouk | 2016-06-07 15:44:38 UTC | Doc Text | It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. | |
| Pavel Polischouk | 2016-06-08 02:24:18 UTC | Blocks | 1343801 | |
| Pavel Polischouk | 2016-06-08 21:20:50 UTC | Blocks | 1343801 | |
| Pavel Polischouk | 2016-10-14 20:47:01 UTC | Blocks | 1385169 | |
| Pavel Polischouk | 2016-11-03 18:56:04 UTC | Blocks | 1391689 | |
| Pavel Polischouk | 2016-11-25 04:33:48 UTC | Whiteboard | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cwe=CWE-611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=wontfix,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=wontfix,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected |
| Scott Herold | 2017-09-12 15:29:21 UTC | CC | sherold | |
| PnT Account Manager | 2018-02-06 19:23:49 UTC | CC | hfnukal | |
| PnT Account Manager | 2018-05-10 18:16:37 UTC | CC | pavelp | |
| PnT Account Manager | 2018-06-29 22:08:01 UTC | CC | kseifried | |
| PnT Account Manager | 2018-07-18 14:51:23 UTC | CC | rbalakri | |
| Michael Simacek | 2018-08-18 11:29:32 UTC | CC | msimacek | |
| PnT Account Manager | 2018-11-05 22:43:51 UTC | CC | ylavi | |
| Gil Klein | 2019-04-14 12:58:24 UTC | CC | gklein | |
| PnT Account Manager | 2019-04-22 21:30:42 UTC | CC | tjay | |
| Product Security DevOps Team | 2019-06-08 02:50:06 UTC | Status | NEW | CLOSED |
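| Product Security DevOps Team | 2019-06-08 02:50:06 UTC | Resolution | --- | ERRATA |
| Product Security DevOps Team | 2019-06-08 02:50:06 UTC | Last Closed | 2019-06-08 02:50:06 UTC | |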
| Product Security DevOps Team | 2019-09-29 13:46:44 UTC | Whiteboard | impact=moderate,public=20160315,reported=20160325,source=oss-security,cvss2=5.0/AV:N/AC:L/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-611,rhel-7/xstream=affected,amq-6.2.1/xstream=affected,brms-5/xstream=wontfix,jpp-6/xstream=affected,soap-5/xstream=wontfix,openshift-enterprise-2/xstream=affected,rhev-m-3/jasperreports-server-pro=affected,jdg-6/xstream=affected,brms-6/xstream=affected,bpms-6/xstream=affected,fsw-6/xstream=affected,fedora-all/xstream=affected,fedora-all/jenkins-xstream=affected,rhn_satellite_6/xstream=affected,rhscl-2/maven30-xstream=affected | |
| Stanislav Ochotnicky | 2020-12-15 08:51:19 UTC | See Also | https://issues.redhat.com/browse/RHBRMS-1478, https://issues.redhat.com/browse/RHBPMS-298 | |