Back to bug 1990252
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Ted Jongseok Won | 2021-08-05 07:01:46 UTC | Doc Text | A flaw was found in Red Hat JBoss Core Services Apache HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. |
| Ted Jongseok Won | 2021-08-05 07:07:55 UTC | Comment | 0 | updated |
| Ted Jongseok Won | 2021-08-05 07:09:32 UTC | Comment | 0 | updated |
| Aaron Ogburn | 2021-08-05 14:05:03 UTC | Doc Type | --- | If docs needed, set a value |
| CC | aogburn | |||
| Doran Moppert | 2021-08-06 01:59:11 UTC | CC | hhorak, jorton, luhliari, rhcs-maint | |
| Ted Jongseok Won | 2021-08-06 05:13:43 UTC | CC | asoldano, atangrin, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, eleandro, fjuma, iweiss, jochrist, jpallich, jperkins, kwills, lgao, msochure, msvehla, nwallace, pmackay, rguimara, rstancel, rsvoboda, smaestri, tom.jenkinson, yborgess | |
| Ted Jongseok Won | 2021-08-12 06:14:33 UTC | Alias | CVE-2021-3688 | |
| Summary | Red Hat JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure | CVE-2021-3688 Red Hat JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure | ||
| Riccardo Schirone | 2021-08-26 07:31:48 UTC | CC | rschiron | |
| Red Hat Bugzilla | 2022-08-19 22:21:32 UTC | CC | rschiron | |
| Red Hat Bugzilla | 2022-10-28 13:12:44 UTC | CC | krathod | |
| Matthew Harmsen | 2023-03-03 00:47:19 UTC | CC | rhcs-maint | |
| Matthew Harmsen | 2023-03-03 00:50:45 UTC | CC | rhcs-maint | |
| Red Hat Bugzilla | 2023-05-15 19:52:04 UTC | CC | atangrin | |
| Red Hat Bugzilla | 2023-07-07 08:27:45 UTC | Assignee | security-response-team | nobody |
Back to bug 1990252