Back to bug 1367447
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-08-16 12:33:12 UTC | CC | security-response-team | |
| Tomas Hoger | 2016-08-16 12:33:20 UTC | Blocks | 1362547 | |
| Tomas Hoger | 2016-08-16 13:15:52 UTC | Summary | EMBARGOED tomcat: tomcat writable sysconfig file allows privilege escalation | EMBARGOED tomcat: tomcat writable config files allow privilege escalation |
| Tomas Hoger | 2016-08-17 11:49:15 UTC | Whiteboard | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=notaffected,rhel-6/tomcat6=affected,fedora-all/tomcat=affected | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=notaffected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected |
| Tomas Hoger | 2016-08-18 10:54:20 UTC | Whiteboard | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=notaffected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected |
| Tomas Hoger | 2016-08-18 11:12:52 UTC | Summary | EMBARGOED tomcat: tomcat writable config files allow privilege escalation | EMBARGOED CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation |
| | | Alias | CVE-2016-6325 | |
| Timothy Walsh | 2016-08-18 13:15:47 UTC | Whiteboard | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected |
| Timothy Walsh | 2016-08-18 13:15:51 UTC | CC | jclere, jdoyle, lgao, mbabacek, myarboro, twalsh, weli | |
| Timothy Walsh | 2016-08-18 13:18:09 UTC | Depends On | 1368119 | |
| Timothy Walsh | 2016-08-18 13:18:16 UTC | Depends On | 1368120 | |
| Timothy Walsh | 2016-08-18 13:18:26 UTC | Depends On | 1368121 | |
| Timothy Walsh | 2016-08-18 13:18:32 UTC | Depends On | 1368122 | |
| Tomas Hoger | 2016-08-24 19:37:38 UTC | Doc Text | It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. | |
| Tomas Hoger | 2016-08-25 10:56:46 UTC | Whiteboard | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected | impact=important,public=20160914,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected |
| Tomas Hoger | 2016-09-16 14:43:21 UTC | Whiteboard | impact=important,public=20160914,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected | impact=important,public=20160914,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected |
| Tomas Hoger | 2016-09-23 10:37:29 UTC | Whiteboard | impact=important,public=20160914,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected | impact=important,public=20160926,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected |
| Tomas Hoger | 2016-10-03 20:16:50 UTC | Whiteboard | impact=important,public=20160926,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected |
| Tomas Hoger | 2016-10-10 08:32:39 UTC | Summary | EMBARGOED CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation | CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation |
| | | Whiteboard | impact=important,public=no,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected |
| Tomas Hoger | 2016-10-10 08:34:43 UTC | Group | security, qe_staff | |
| Tomas Hoger | 2016-10-10 08:35:57 UTC | Depends On | 1383216 | |
| Timothy Walsh | 2016-11-24 23:12:41 UTC | CC | fnasser | |
| Timothy Walsh | 2017-01-17 06:13:37 UTC | CC | alee, gzaronik, ivan.afonichev, java-sig-commits, krzysztof.daniel, me, trick | |
| | | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=affected,jbews-3/tomcat=affected | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/impact=low,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=wontfix,jbews-3/tomcat=defer,jws-3/tomcat7=affected,jws-3/tomcat8=affected |
| Andrej Nemec | 2017-02-08 08:57:53 UTC | Depends On | 1420223 | |
| Andrej Nemec | 2017-02-08 09:00:03 UTC | Depends On | 1420125 | |
| Timothy Walsh | 2017-03-02 11:22:38 UTC | Blocks | 1428325 | |
| Chess Hazlett | 2017-03-08 17:17:13 UTC | CC | chazlett | |
| Doran Moppert | 2017-06-01 02:30:20 UTC | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=affected,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N/impact=low,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=wontfix,jbews-3/tomcat=defer,jws-3/tomcat7=affected,jws-3/tomcat8=affected | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=wontfix,jbews-3/tomcat=defer,jws-3/tomcat7=affected,jws-3/tomcat8=affected |
| Doran Moppert | 2017-06-01 02:30:54 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2017-05-31 22:30:54 UTC | |
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=important,public=20161010,reported=20160809,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H,cwe=CWE-284,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=affected,rhel-7/tomcat=affected/impact=low/cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/cvss2=1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N,fedora-all/tomcat=affected,epel-6/tomcat=affected,jbews-2/tomcat=wontfix,jbews-3/tomcat=defer,jws-3/tomcat7=affected,jws-3/tomcat8=affected | |