Back to bug 1388240
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Bharti Kundal | 2016-10-24 19:50:33 UTC | CC | security-response-team | |
| Bharti Kundal | 2016-10-25 17:55:39 UTC | Alias | CVE-2016-8627 | |
| Bharti Kundal | 2016-10-25 17:55:46 UTC | Summary | EMBARGOED Potential EAP resource starvation DOS attack via GET requests for server log files | EMBARGOED CVE-2016-8627 Potential EAP resource starvation DOS attack via GET requests for server log files |
| Bharti Kundal | 2016-10-25 18:03:59 UTC | Blocks | 1381143 | |
| Bharti Kundal | 2016-10-26 15:44:52 UTC | Depends On | 1388986 | |
| Bharti Kundal | 2016-10-26 15:45:05 UTC | Depends On | 1388987 | |
| Radim Hatlapatka | 2016-10-27 09:19:47 UTC | CC | rhatlapa | |
| Bharti Kundal | 2017-01-13 17:26:05 UTC | Blocks | 1413131 | |
| Bharti Kundal | 2017-01-13 21:33:05 UTC | Doc Text | It was discovered that EAP feature to download the server log files which allows the resources to be available via GET requests makes them vulnerable to cross-origin attacks where an attacker can trigger the user’s browser to request the log files.The risk is not the exposure of the log files themselves, but rather that the files may be large and the attacker could trigger enough requests for the files that excessive server resources would be devoted to serving them and normal server functioning would be impaired.. |
| Eric Christensen | 2017-01-16 14:04:04 UTC | Doc Text | It was discovered that EAP feature to download the server log files which allows the resources to be available via GET requests makes them vulnerable to cross-origin attacks where an attacker can trigger the user’s browser to request the log files.The risk is not the exposure of the log files themselves, but rather that the files may be large and the attacker could trigger enough requests for the files that excessive server resources would be devoted to serving them and normal server functioning would be impaired.. | It was discovered that an EAP feature to download the server log files allows resources to be available via GET requests making them vulnerable to cross-origin attacks where an attacker can trigger the user’s browser to request the log files. The risk is not the exposure of the log files themselves, but rather that the files may be large and the attacker could trigger enough requests for the files that excessive server resources would be devoted to serving them and normal server functioning would be impaired. |
| Eric Christensen | 2017-01-16 14:13:37 UTC | Doc Text | It was discovered that an EAP feature to download the server log files allows resources to be available via GET requests making them vulnerable to cross-origin attacks where an attacker can trigger the user’s browser to request the log files. The risk is not the exposure of the log files themselves, but rather that the files may be large and the attacker could trigger enough requests for the files that excessive server resources would be devoted to serving them and normal server functioning would be impaired. | An EAP feature to download server log files allows resources to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired. |
| Eric Christensen | 2017-01-16 14:14:16 UTC | Doc Text | An EAP feature to download server log files allows resources to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired. | An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired. |
| Eric Christensen | 2017-01-17 15:27:13 UTC | CC | sparks | |
| Eric Christensen | 2017-01-17 15:27:13 UTC | Doc Text | An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired. | An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. |
| Bharti Kundal | 2017-01-18 17:44:06 UTC | Whiteboard | impact=moderate,public=no,reported=20160930,source=redhat,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:N/A:P,eap-7/admin-cli=affected,eap-6/admin-cli=affected | impact=moderate,public=no,reported=20160930,source=redhat,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected |
| Chess Hazlett | 2017-01-18 18:33:18 UTC | Whiteboard | impact=moderate,public=no,reported=20160930,source=redhat,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected |
| Chess Hazlett | 2017-01-18 18:33:26 UTC | Summary | EMBARGOED CVE-2016-8627 Potential EAP resource starvation DOS attack via GET requests for server log files | CVE-2016-8627 Potential EAP resource starvation DOS attack via GET requests for server log files |
| Chess Hazlett | 2017-01-18 18:33:34 UTC | Group | security, qe_staff | |
| Adam Mariš | 2017-01-20 11:19:28 UTC | CC | bkundal | |
| Adam Mariš | 2017-01-20 11:19:28 UTC | Flags | needinfo?(bkundal) | |
| Bharti Kundal | 2017-01-25 23:30:02 UTC | Whiteboard | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=5.5/AV:N/AC:L/Au:S/C:P/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected |
| Bharti Kundal | 2017-01-25 23:30:14 UTC | Whiteboard | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected |
| Bharti Kundal | 2017-01-25 23:31:42 UTC | Flags | needinfo?(bkundal) | |
| Bharti Kundal | 2017-12-04 09:07:07 UTC | Blocks | 1520314 | |
| Eric Christensen | 2018-02-02 19:42:24 UTC | CC | sparks | |
| PnT Account Manager | 2018-03-05 15:36:13 UTC | CC | rhatlapa | |
| Laura Pardo | 2018-05-10 22:21:17 UTC | Summary | CVE-2016-8627 Potential EAP resource starvation DOS attack via GET requests for server log files | CVE-2016-8627 admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files |
| Laura Pardo | 2018-05-10 22:23:35 UTC | Fixed In Version | admin-cli 3.0.0.Alpha25, admin-cli 2.2.1.CR2 | |
| Laura Pardo | 2018-05-10 22:25:07 UTC | Whiteboard | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,eap-7/admin-cli=affected,eap-6/admin-cli=affected | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-400,eap-7/admin-cli=affected,eap-6/admin-cli=affected |
| PnT Account Manager | 2018-10-19 21:37:58 UTC | CC | bkundal | |
| Kunjan Rathod | 2019-06-18 03:32:12 UTC | CC | krathod | |
| Product Security DevOps Team | 2019-09-29 13:58:49 UTC | Whiteboard | impact=moderate,public=20170118,reported=20160930,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-400,eap-7/admin-cli=affected,eap-6/admin-cli=affected | |
| PnT Account Manager | 2019-11-05 01:07:07 UTC | CC | psakar | |
| PnT Account Manager | 2020-10-16 22:25:08 UTC | CC | pgier | |
| Joshua Padman | 2021-10-21 11:47:19 UTC | Resolution | --- | ERRATA |
| Joshua Padman | 2021-10-21 11:47:19 UTC | Status | NEW | CLOSED |
| Joshua Padman | 2021-10-21 11:47:19 UTC | Last Closed | 2021-10-21 11:47:19 UTC | |