Back to bug 1327037

Who When What Removed Added
Jason Shepherd 2016-04-14 07:10:27 UTC CC security-response-team
Red Hat Bugzilla 2016-04-14 07:10:27 UTC Doc Type --- Bug Fix
Jason Shepherd 2016-04-14 07:10:31 UTC Blocks 1283518
Adam Mariš 2016-04-14 07:41:00 UTC CC amaris
Summary EMBARGOED PooledInvokerServlet is not secured, and deserializes data EMBARGOED CVE-2016-3690 PooledInvokerServlet is not secured, and deserializes data
Alias CVE-2016-3690
Jason Shepherd 2016-05-09 01:50:06 UTC Whiteboard impact=important,public=20160509,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=affected,soap-4/JBossAS=affected,soap-5/JBossAS=affected impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=affected,soap-4/JBossAS=affected,soap-5/JBossAS=affected
Jason Shepherd 2016-05-09 02:02:11 UTC Depends On 1334139
Jason Shepherd 2016-05-09 02:19:33 UTC Depends On 1334142
Jason Shepherd 2016-05-09 02:22:30 UTC Depends On 1334143
Jason Shepherd 2016-05-09 02:24:52 UTC Depends On 1334144
Jason Shepherd 2016-05-09 02:25:00 UTC Depends On 1334145
Pavel Polischouk 2016-05-09 03:49:50 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=affected,soap-4/JBossAS=affected,soap-5/JBossAS=affected impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=affected
Jason Shepherd 2016-08-19 06:48:07 UTC Summary EMBARGOED CVE-2016-3690 PooledInvokerServlet is not secured, and deserializes data CVE-2016-3690 PooledInvokerServlet is not secured, and deserializes data
Jason Shepherd 2016-08-19 06:48:15 UTC Group security, qe_staff
Jason Shepherd 2016-08-19 06:53:23 UTC Doc Text It was discovered that the LegacyInvokerServlet is exposed on all network interfaces and deserializes objects sent to it. An attacker could use this flaw to cause remote code execution in the JVM running it.
Jason Shepherd 2016-08-19 07:06:43 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=affected impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix
Jason Shepherd 2016-08-19 07:07:10 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=affected,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=wontfix,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix
Jason Shepherd 2016-08-19 07:08:59 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=affected,eap-5/jbossas=wontfix,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=wontfix,eap-5/jbossas=wontfix,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix
Jason Shepherd 2016-08-25 01:52:25 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=wontfix,eap-5/jbossas=wontfix,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=wontfix,eap-5/jbossas=affected,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix
Jason Shepherd 2016-08-25 01:59:53 UTC Depends On 1369987
Jason Shepherd 2016-10-06 22:38:16 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=wontfix,eap-5/jbossas=affected,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=wontfix,eap-5/jbossas=wontfix,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix
Jason Shepherd 2016-10-16 22:18:18 UTC Status NEW CLOSED
Resolution --- WONTFIX
Last Closed 2016-10-16 18:18:18 UTC
Adam Mariš 2016-11-08 16:06:13 UTC CC amaris
Product Security DevOps Team 2019-09-29 13:47:33 UTC Whiteboard impact=important,public=20160613,reported=20151119,source=redhat,cvss2=7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P,cwe=CWE-502,eap-4/jbossas=wontfix,eap-5/jbossas=wontfix,brms-5/jbossas=wontfix,soap-4/JBossAS=wontfix,soap-5/JBossAS=wontfix
