Back to bug 1390520
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Horia Chiorean | 2016-11-01 10:00:49 UTC | CC | hchiorea | |
| Martin Prpič | 2016-11-01 10:15:42 UTC | Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=affected,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=affected,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,fedora-all/tomcat=affected/cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N/cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,epel-6/tomcat=affected/cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N/cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| Martin Prpič | 2016-11-01 10:16:08 UTC | CC | alee, ivan.afonichev, java-sig-commits, krzysztof.daniel, me, trick | |
| Martin Prpič | 2016-11-01 10:16:39 UTC | Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=affected,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,fedora-all/tomcat=affected/cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N/cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N,epel-6/tomcat=affected/cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N/cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=affected,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,fedora-all/tomcat=affected,epel-6/tomcat=affected |
| Martin Prpič | 2016-11-01 10:21:35 UTC | Depends On | 1390531 | |
| Martin Prpič | 2016-11-01 10:21:43 UTC | Depends On | 1390532 | |
| Martin Prpič | 2016-11-01 10:21:56 UTC | Depends On | 1390533 | |
| Martin Prpič | 2016-11-01 10:23:29 UTC | Blocks | 1390534 | |
| Yasuhiro Ozone | 2016-11-01 22:45:26 UTC | CC | yozone | |
| Hung | 2016-11-07 14:43:49 UTC | CC | hpham | |
| Hooman Broujerdi | 2016-11-09 02:39:51 UTC | Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=affected,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,fedora-all/tomcat=affected,epel-6/tomcat=affected | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,fedora-all/tomcat=affected,epel-6/tomcat=affected |
| Timothy Walsh | 2016-11-09 06:22:58 UTC | Depends On | 1393222 | |
| Timothy Walsh | 2016-11-09 06:23:11 UTC | Depends On | 1393223 | |
| Timothy Walsh | 2017-01-17 05:53:51 UTC | CC | hchiorea | |
| Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=affected,jbews-2/tomcat6=affected,jbews-3/tomcat7=affected,jbews-3/tomcat8=affected,fedora-all/tomcat=affected,epel-6/tomcat=affected | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=wontfix,jbews-2/tomcat6=wontfix,jbews-3/tomcat7=defer,jbews-3/tomcat8=defer,fedora-all/tomcat=affected,epel-6/tomcat=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | ||
| Timothy Walsh | 2017-01-17 06:50:37 UTC | Blocks | 1376651 | |
| Timothy Walsh | 2017-03-02 07:26:54 UTC | Doc Text | It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. | |
| Timothy Walsh | 2017-03-02 11:22:38 UTC | Blocks | 1428325 | |
| Timothy Walsh | 2017-04-26 05:41:14 UTC | CC | psotirop | |
| Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=affected,eap-6/jbossweb=affected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=wontfix,jbews-2/tomcat6=wontfix,jbews-3/tomcat7=defer,jbews-3/tomcat8=defer,fedora-all/tomcat=affected,epel-6/tomcat=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=notaffected,eap-6/jbossweb=notaffected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=wontfix,jbews-2/tomcat6=wontfix,jbews-3/tomcat7=defer,jbews-3/tomcat8=defer,fedora-all/tomcat=affected,epel-6/tomcat=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | ||
| Doran Moppert | 2017-07-21 05:18:19 UTC | Blocks | 1415638 | |
| Tomas Hoger | 2017-07-25 20:40:27 UTC | Doc Text | It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. | It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. |
| Joel Smith | 2017-07-31 22:37:02 UTC | CC | joelsmith | |
| PnT Account Manager | 2017-12-07 23:58:54 UTC | CC | felias | |
| PnT Account Manager | 2018-01-30 20:40:22 UTC | CC | hchiorea | |
| PnT Account Manager | 2018-05-10 18:18:47 UTC | CC | pavelp | |
| Patrick van Staveren | 2018-05-10 18:48:43 UTC | CC | trick | |
| Joshua Padman | 2019-05-16 03:45:27 UTC | Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=affected,eap-5/jbossweb=notaffected,eap-6/jbossweb=notaffected,jdg-6/jbossweb=affected,jdv-6/jbossweb=affected,jon-3/jbossweb=affected,fsw-6/jbossweb=affected,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=wontfix,jbews-2/tomcat6=wontfix,jbews-3/tomcat7=defer,jbews-3/tomcat8=defer,fedora-all/tomcat=affected,epel-6/tomcat=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=wontfix,eap-5/jbossweb=notaffected,eap-6/jbossweb=notaffected,jdg-6/jbossweb=wontfix,jdv-6/jbossweb=wontfix,jon-3/jbossweb=wontfix,fsw-6/jbossweb=wontfix,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=wontfix,jbews-2/tomcat6=wontfix,jbews-3/tomcat7=defer,jbews-3/tomcat8=defer,fedora-all/tomcat=affected,epel-6/tomcat=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected |
| Lukáš Petrovický | 2019-09-24 14:07:34 UTC | CC | lpetrovi | |
| Product Security DevOps Team | 2019-09-29 13:59:56 UTC | Whiteboard | impact=low,public=20161027,reported=20161027,source=internet,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N,brms-5/jbossweb=wontfix,eap-5/jbossweb=notaffected,eap-6/jbossweb=notaffected,jdg-6/jbossweb=wontfix,jdv-6/jbossweb=wontfix,jon-3/jbossweb=wontfix,fsw-6/jbossweb=wontfix,fuse-6/jbossweb=wontfix,openshift-1/jbossweb=affected,rhel-5/tomcat5=wontfix,rhel-6/tomcat6=wontfix,rhel-7/tomcat=wontfix,jbews-2/tomcat7=wontfix,jbews-2/tomcat6=wontfix,jbews-3/tomcat7=defer,jbews-3/tomcat8=defer,fedora-all/tomcat=affected,epel-6/tomcat=affected,jws-3/tomcat7=affected,jws-3/tomcat8=affected | |
| PnT Account Manager | 2019-11-05 01:07:14 UTC | CC | psakar | |
| PnT Account Manager | 2020-01-16 22:28:44 UTC | CC | hpham | |
| PnT Account Manager | 2020-10-16 22:25:15 UTC | CC | pgier | |
| PnT Account Manager | 2020-10-20 21:09:26 UTC | CC | vhalbert | |
| PnT Account Manager | 2020-11-12 22:19:55 UTC | CC | miburman | |
| Red Hat Bugzilla | 2021-09-01 04:30:06 UTC | CC | spinder | |
| Red Hat Bugzilla | 2021-10-15 11:51:54 UTC | CC | kconner | |
| Joshua Padman | 2021-10-27 10:52:44 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2021-10-27 10:52:44 UTC |
Back to bug 1390520