Back to bug 2209342
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Patrick Del Bello | 2023-05-23 14:49:36 UTC | CC | adupliak, aileenc, alampare, alazarot, anstephe, asoldano, ataylor, avibelli, bbaranow, bgeorges, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, cmoulliard, darran.lofthouse, dhanak, dkreling, dosoudil, drichtar, emingora, fjuma, gjospin, gmalinko, hbraun, ibek, ikanello, ivassile, iweiss, janstey, jpavlik, jpoth, jrokos, jross, jscholz, kverlaen, lbacciot, lgao, lpetrovi, lthon, mizdebsk, mnovotny, mosmerov, msochure, msvehla, nwallace, pdelbell, pdrozd, peholase, pgallagh, pjindal, pmackay, pskopek, rguimara, rkieley, rowaters, rrajasek, rruss, rstancel, rsynek, saroy, smaestri, sthorger, swoodman, tcunning, tom.jenkinson, yfang | |
| Patrick Del Bello | 2023-05-23 14:50:29 UTC | Fixed In Version | spring-boot 3.0.7+, spring-boot 2.7.12+, spring-boot 2.6.15+, spring-boot 2.5.15 | spring-boot 3.0.7, spring-boot 2.7.12, spring-boot 2.6.15, spring-boot 2.5.15 |
| Patrick Del Bello | 2023-05-23 15:00:34 UTC | CC | kaycoth | |
| Patrick Del Bello | 2023-05-23 15:27:21 UTC | Fixed In Version | spring-boot 3.0.7, spring-boot 2.7.12, spring-boot 2.6.15, spring-boot 2.5.15 | spring-boot 3.0.7, spring-boot 2.7.12, spring-boot 2.6.15, spring-boot 2.5.15 |
| Paige Jung | 2023-05-23 17:06:51 UTC | Doc Text | A flaw was found in Spring Boot, especially Spring MVC together with a reverse proxy cache. This flaw may allow a Denial of Sevice (DoS) attack. This requires Spring MVC auto-configuration enabled, application makes use of Spring Boot's welcome page support, either static or templated, application is deployed behind a proxy which caches 404 responses. | A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This requires Spring MVC to have auto-configuration enabled and the application to make use of Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy which caches 404 responses. This issue may allow a Denial of Service (DoS) attack. |
| Patrick Del Bello | 2023-05-23 18:36:35 UTC | Depends On | 2209388 | |
| Sandipan Roy | 2023-05-24 03:19:45 UTC | Depends On | 2209482, 2209485, 2209483, 2209484 | |
| Grzegorz Grzybek | 2023-05-24 12:03:38 UTC | Doc Type | --- | If docs needed, set a value |
| CC | ggrzybek | |||
| RaTasha Tillery-Smith | 2023-05-24 12:49:46 UTC | Doc Text | A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This requires Spring MVC to have auto-configuration enabled and the application to make use of Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy which caches 404 responses. This issue may allow a Denial of Service (DoS) attack. | A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot's welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack. |
| Red Hat Bugzilla | 2023-05-31 22:25:05 UTC | CC | rsynek | |
| errata-xmlrpc | 2023-06-15 15:24:22 UTC | Link ID | Red Hat Product Errata RHSA-2023:3641 | |
| errata-xmlrpc | 2023-06-21 14:32:38 UTC | Link ID | Red Hat Product Errata RHSA-2023:3740 | |
| Product Security DevOps Team | 2023-06-22 00:40:34 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-06-22 00:40:34 UTC | |||
| errata-xmlrpc | 2023-06-29 20:08:45 UTC | Link ID | Red Hat Product Errata RHSA-2023:3954 | |
| errata-xmlrpc | 2023-07-18 13:50:35 UTC | Link ID | Red Hat Product Errata RHSA-2023:4200 |
Back to bug 2209342