Back to bug 1386103
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-10-18 07:32:31 UTC | CC | security-response-team | |
| Tomas Hoger | 2016-10-18 07:32:36 UTC | Blocks | 1381992 | |
| Tomas Hoger | 2016-10-18 07:56:15 UTC | Whiteboard | impact=moderate,public=20161019,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected |
| Tomas Hoger | 2016-10-18 11:41:04 UTC | Doc Text | A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. | |
| Tomas Hoger | 2016-10-18 20:10:02 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838) | CVE-2016-5597 OpenJDK: exposure of server authentication credentials to proxy (Networking, 8160838) | ||
| Tomas Hoger | 2016-10-18 20:59:14 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| Tomas Hoger | 2016-10-31 20:57:28 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-6/java-1.8.0-ibm=affected,rhel-7/java-1.8.0-ibm=affected |
| kat | 2016-10-31 22:18:56 UTC | CC | kbost | |
| Tomas Hoger | 2017-01-13 08:12:37 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-01-13 03:12:37 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:58:49 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N,cwe=CWE-319,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-6/java-1.8.0-ibm=affected,rhel-7/java-1.8.0-ibm=affected |
Back to bug 1386103