Back to bug 1375968
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Timothy Walsh | 2016-09-14 11:27:50 UTC | CC | security-response-team | |
| Timothy Walsh | 2016-09-14 11:35:20 UTC | Whiteboard | impact=moderate,public=no,reported=20160912,source=upstream,eap-6/httpd=affected | impact=moderate,public=no,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=affected,jbcs-1/httpd=affected,rhel-5/httpd=affected,rhel-6/httpd=affected,rhel-7/httpd=affected |
| Timothy Walsh | 2016-09-14 11:35:35 UTC | CC | jclere, luhliari, mbabacek, mturk, weli | |
| Timothy Walsh | 2016-09-14 11:37:26 UTC | Depends On | 1375970 | |
| Timothy Walsh | 2016-09-14 11:37:45 UTC | Depends On | 1375971 | |
| Adam Mariš | 2016-09-14 12:40:26 UTC | CC | amaris | |
| Summary | EMBARGOED CVE-2016-4975 Unspecified vulnerability was found in httpd having moderate impact via unspecified vectors | EMBARGOED CVE-2016-4975 httpd: Unspecified vulnerability having moderate impact via unspecified vectors | ||
| Luboš Uhliarik | 2016-09-15 14:02:26 UTC | CC | jorton | |
| Timothy Walsh | 2016-10-17 10:41:43 UTC | Blocks | 1376651 | |
| Adam Mariš | 2016-11-08 16:19:48 UTC | CC | amaris | |
| Timothy Walsh | 2017-01-17 07:09:23 UTC | Blocks | 1390534 | |
| Timothy Walsh | 2017-01-17 07:17:13 UTC | CC | gzaronik | |
| Whiteboard | impact=moderate,public=no,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=affected,jbcs-1/httpd=affected,rhel-5/httpd=affected,rhel-6/httpd=affected,rhel-7/httpd=affected | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=affected,rhel-6/httpd=affected,rhel-7/httpd=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | ||
| Timothy Walsh | 2017-03-13 03:46:24 UTC | Whiteboard | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=affected,rhel-6/httpd=affected,rhel-7/httpd=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=affected,rhel-6/httpd=affected,rhel-7/httpd=affected,jws-3/httpd=wontfix |
| Tomas Hoger | 2017-04-11 12:35:12 UTC | Blocks | 1441206 | |
| Tomas Hoger | 2017-04-11 12:38:23 UTC | Blocks | 1390534 | |
| Tomas Hoger | 2017-04-11 12:41:58 UTC | CC | hhorak | |
| Whiteboard | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=affected,rhel-6/httpd=affected,rhel-7/httpd=affected,jws-3/httpd=wontfix | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-2/httpd24-httpd=new | ||
| Doran Moppert | 2017-06-20 05:55:30 UTC | CC | dmoppert | |
| Tomas Hoger | 2017-07-28 12:14:10 UTC | Blocks | 1376651 | |
| Tomas Hoger | 2017-10-26 21:15:54 UTC | Whiteboard | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-2/httpd24-httpd=new | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new |
| Huzaifa S. Sidhpurwala | 2018-05-08 05:10:55 UTC | Flags | needinfo?(twalsh) | |
| Huzaifa S. Sidhpurwala | 2018-05-08 05:11:36 UTC | Flags | needinfo?(twalsh) | |
| Sam Fowler | 2018-08-16 03:21:35 UTC | Fixed In Version | httpd 2.2.32, httpd 2.4.25 | |
| Sam Fowler | 2018-08-21 07:10:18 UTC | Summary | EMBARGOED CVE-2016-4975 httpd: Unspecified vulnerability having moderate impact via unspecified vectors | EMBARGOED CVE-2016-4975 httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir |
| Sam Fowler | 2018-08-21 07:12:32 UTC | CC | sfowler | |
| Sam Fowler | 2018-08-21 07:13:49 UTC | Whiteboard | impact=moderate,reported=20160912,source=upstream,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new | impact=moderate,reported=20160912,source=upstream,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new |
| Sam Fowler | 2018-08-21 07:14:29 UTC | Group | security, qe_staff | |
| CC | apintea, bkundal, chazlett, dimitris, fgavrilo, jdoyle, jondruse, pjurak, ppalaga, rstancel, sstavrev | |||
| Summary | EMBARGOED CVE-2016-4975 httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir | CVE-2016-4975 httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir | ||
| Whiteboard | impact=moderate,reported=20160912,source=upstream,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new | impact=moderate,public=20180814,reported=20160912,source=upstream,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new | ||
| Yasuhiro Ozone | 2018-08-29 01:35:07 UTC | CC | yozone | |
| Huzaifa S. Sidhpurwala | 2018-09-03 05:42:04 UTC | Whiteboard | impact=moderate,public=20180814,reported=20160912,source=upstream,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new | impact=moderate,public=20180814,reported=20160912,source=upstream,cvss3=4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new |
| Huzaifa S. Sidhpurwala | 2018-09-03 05:50:27 UTC | Whiteboard | impact=moderate,public=20180814,reported=20160912,source=upstream,cvss3=4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=new,rhel-6/httpd=new,rhel-7/httpd=new,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=new | impact=moderate,public=20180814,reported=20160912,source=upstream,cvss3=4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=wontfix,rhel-6/httpd=wontfix,rhel-7/httpd=affected,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=notaffected,rhel-8/httpd=notaffected |
| Huzaifa S. Sidhpurwala | 2018-09-03 05:51:14 UTC | Depends On | 1624693 | |
| Huzaifa S. Sidhpurwala | 2018-09-03 05:55:34 UTC | Doc Text | It was found that apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data. | |
| Whiteboard | impact=moderate,public=20180814,reported=20160912,source=upstream,cvss3=4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=wontfix,rhel-6/httpd=wontfix,rhel-7/httpd=affected,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=notaffected,rhel-8/httpd=notaffected | impact=moderate,public=20180814,reported=20160912,source=upstream,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=wontfix,rhel-6/httpd=wontfix,rhel-7/httpd=affected,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=notaffected,rhel-8/httpd=notaffected | ||
| Huzaifa S. Sidhpurwala | 2018-09-03 06:06:25 UTC | Whiteboard | impact=moderate,public=20180814,reported=20160912,source=upstream,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=wontfix,rhel-6/httpd=wontfix,rhel-7/httpd=affected,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=notaffected,rhel-8/httpd=notaffected | impact=moderate,public=20180814,reported=20160912,source=internet,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=wontfix,rhel-6/httpd=wontfix,rhel-7/httpd=affected,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=notaffected,rhel-8/httpd=notaffected |
| Eric Christensen | 2018-09-05 17:37:54 UTC | Doc Text | It was found that apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data. | It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data. |
| PnT Account Manager | 2018-10-19 21:37:26 UTC | CC | mkoepke | |
| CC | bkundal | |||
| Huzaifa S. Sidhpurwala | 2018-11-05 05:18:12 UTC | Flags | needinfo?(jclere) | |
| Jean-frederic Clere | 2018-11-05 09:21:49 UTC | Flags | needinfo?(jclere) | |
| Huzaifa S. Sidhpurwala | 2018-11-06 06:40:50 UTC | Flags | needinfo?(jclere) | |
| Jean-frederic Clere | 2018-11-06 07:09:42 UTC | Flags | needinfo?(jclere) | |
| PnT Account Manager | 2019-04-05 03:14:55 UTC | CC | apintea | |
| PnT Account Manager | 2019-06-30 21:43:20 UTC | CC | pjurak | |
| Product Security DevOps Team | 2019-09-29 13:56:12 UTC | Whiteboard | impact=moderate,public=20180814,reported=20160912,source=internet,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-113,eap-6/httpd=affected,jbews-2/httpd=wontfix,jbews-3/httpd=defer,jbcs-1/httpd=affected,rhel-5/httpd=wontfix,rhel-6/httpd=wontfix,rhel-7/httpd=affected,jws-3/httpd=wontfix,rhscl-3/httpd24-httpd=notaffected,rhel-8/httpd=notaffected | |
| PnT Account Manager | 2019-11-05 01:06:57 UTC | CC | psakar | |
| Joe Orton | 2019-12-04 13:40:50 UTC | Flags | needinfo?(twalsh) | |
| Clifford Perry | 2019-12-13 13:14:55 UTC | CC | cperry, thoger | |
| Flags | needinfo?(twalsh) | needinfo?(thoger) | ||
| Tomas Hoger | 2019-12-16 16:36:06 UTC | CC | huzaifas | |
| Flags | needinfo?(thoger) | needinfo?(huzaifas) | ||
| Huzaifa S. Sidhpurwala | 2019-12-20 06:33:49 UTC | Flags | needinfo?(huzaifas) | needinfo?(jorton) |
| Joe Orton | 2020-01-15 13:53:30 UTC | Flags | needinfo?(jorton) | |
| PnT Account Manager | 2020-08-31 21:54:07 UTC | CC | fgavrilo | |
| PnT Account Manager | 2020-10-16 22:24:52 UTC | CC | pgier | |
| Joshua Padman | 2021-10-27 10:51:35 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2021-10-27 10:51:35 UTC |
Back to bug 1375968