Back to bug 1330179
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ján Rusnačko | 2016-04-25 14:29:51 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-25 14:29:51 UTC | Doc Type | --- | Bug Fix |
| Ján Rusnačko | 2016-04-25 14:34:57 UTC | Blocks | 1330182 | |
| Kurt Seifried | 2016-04-25 20:13:57 UTC | Whiteboard | impact=low,public=no,reported=20160309,source=redhat,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.9/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N,cwe=CWE-327,cfme-5/cfme=affected | impact=low,public=20160425,reported=20160309,source=redhat,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.9/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N,cwe=CWE-327,cfme-5/cfme=affected |
| Kurt Seifried | 2016-04-25 20:14:01 UTC | Summary | EMBARGOED CVE-2016-3702 CFME vulnerable to padding oracle attack against AES-256-CBC | CVE-2016-3702 CFME vulnerable to padding oracle attack against AES-256-CBC |
| Kurt Seifried | 2016-04-25 20:14:05 UTC | Group | security, qe_staff | |
| Ján Rusnačko | 2016-04-26 07:04:56 UTC | CC | apatters | tschepon |
| Ján Rusnačko | 2016-04-26 07:07:14 UTC | CC | slukasik | |
| Ján Rusnačko | 2016-04-27 07:52:01 UTC | Whiteboard | impact=low,public=20160425,reported=20160309,source=redhat,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.9/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N,cwe=CWE-327,cfme-5/cfme=affected | impact=low,public=20160425,reported=20160309,source=redhat,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.9/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N,cwe=CWE-327,cfme-5/cfme=affected |
| Kurt Seifried | 2016-08-11 15:50:22 UTC | CC | simaishi | |
| Kurt Seifried | 2016-08-11 16:05:48 UTC | Depends On | 1366330 | |
| John Skeoch | 2016-10-04 04:27:00 UTC | CC | tschepon | nobody |
| Kurt Seifried | 2016-11-02 02:09:29 UTC | Doc Text | A padding oracle flaw was found in the encryption of sensitive information stored within the backend databased used by CloudForms. An attacker able to submit forged cipher texts could observe the results of encryption and determine information that could in turn lead to the disclosure of encrypted data within the database. | |
| Eric Christensen | 2016-11-03 01:09:50 UTC | Doc Text | A padding oracle flaw was found in the encryption of sensitive information stored within the backend databased used by CloudForms. An attacker able to submit forged cipher texts could observe the results of encryption and determine information that could in turn lead to the disclosure of encrypted data within the database. | A padding oracle flaw was found in the encryption of sensitive information stored within the backend database used by CloudForms. An attacker able to submit forged cipher texts could observe the results of encryption and determine information that could, in turn, lead to the disclosure of encrypted data within the database. |
| Kurt Seifried | 2016-12-20 03:54:30 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-12-19 22:54:30 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=low,public=20160425,reported=20160309,source=redhat,cvss2=3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N,cvss3=4.9/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N,cwe=CWE-327,cfme-5/cfme=affected | |
| Yadnyawalk Tale | 2020-10-23 14:23:27 UTC | Summary | CVE-2016-3702 CFME vulnerable to padding oracle attack against AES-256-CBC | CVE-2016-3702 cfme: vulnerable to padding oracle attack against AES-256-CBC |
Back to bug 1330179