Back to bug 1401528
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Norman Sardella | 2016-12-05 14:07:19 UTC | CC | sardella | |
| Adam Mariš | 2016-12-05 14:09:08 UTC | Fixed In Version | httpd 2.4.23 | httpd 2.4.24 |
| Whiteboard | impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=new,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=new,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | ||
| Adam Mariš | 2016-12-05 14:10:28 UTC | Depends On | 1401530 | |
| Adam Mariš | 2016-12-05 14:12:14 UTC | Blocks | 1401531 | |
| Doran Moppert | 2016-12-15 07:09:58 UTC | Whiteboard | impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=new,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
| Doran Moppert | 2016-12-16 04:04:34 UTC | Whiteboard | impact=moderate,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
| Doran Moppert | 2016-12-16 04:04:48 UTC | Severity | medium | low |
| Doran Moppert | 2016-12-16 04:05:02 UTC | Priority | medium | low |
| Doran Moppert | 2016-12-16 04:11:22 UTC | Doc Text | A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. | |
| Doran Moppert | 2016-12-16 04:16:01 UTC | CC | dmoppert | |
| Doran Moppert | 2016-12-16 04:17:25 UTC | Whiteboard | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
| Doran Moppert | 2016-12-16 04:20:59 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-12-15 23:20:59 UTC | |||
| Andrej Nemec | 2016-12-19 07:30:40 UTC | Whiteboard | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-789,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
| Doran Moppert | 2016-12-20 00:23:48 UTC | Whiteboard | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
| Timothy Walsh | 2016-12-20 13:51:08 UTC | Whiteboard | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/jbcs-httpd24-httpd=notaffected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
| Timothy Walsh | 2016-12-20 13:55:22 UTC | Status | CLOSED | MODIFIED |
| Resolution | WONTFIX | --- | ||
| Keywords | Reopened | |||
| Huzaifa S. Sidhpurwala | 2017-01-03 08:38:43 UTC | Blocks | 1406828 | |
| Tomas Hoger | 2017-02-20 13:28:30 UTC | Status | MODIFIED | NEW |
| Whiteboard | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=wontfix,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected | ||
| Tomas Hoger | 2017-02-21 13:42:52 UTC | Depends On | 1425463 | |
| Tomas Hoger | 2017-04-26 14:06:47 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-12-15 23:20:59 UTC | 2017-04-26 10:06:47 UTC | ||
| Timothy Walsh | 2017-06-02 11:02:17 UTC | Blocks | 1457678 | |
| Product Security DevOps Team | 2019-09-29 14:01:53 UTC | Whiteboard | impact=low,public=20161204,reported=20161205,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-20->CWE-770,rhel-5/httpd=notaffected,rhel-6/httpd=notaffected,rhel-7/httpd=notaffected,rhscl-2/httpd24-httpd=affected,eap-5/httpd=notaffected,eap-6/httpd=notaffected,eap-6/httpd22=notaffected,jbews-1/httpd=notaffected,jbews-2/httpd22=notaffected,jbews-2/httpd=notaffected,jws-3/httpd24=notaffected,jws-3/httpd=notaffected,jbcs-1/httpd=affected,directory_server_8/httpd=notaffected,fedora-all/httpd=affected |
Back to bug 1401528