Back to bug 720948
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jan Lieskovsky | 2011-07-13 10:25:25 UTC | CC | alee, awnuk, cfu, dknox, jdennis, jmagne, jpazdziora, mharmsen, pcheung | |
| Jan Lieskovsky | 2011-07-13 10:26:04 UTC | Whiteboard | public=20110901,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new | public=no,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new |
| Jan Lieskovsky | 2011-07-13 10:49:39 UTC | Whiteboard | public=no,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new | public=no,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new,RHDS3/Platform=new |
| Jan Lieskovsky | 2011-07-13 10:49:47 UTC | CC | tromey | |
| Jan Lieskovsky | 2011-07-13 11:21:18 UTC | Blocks | 720970 | |
| Jan Lieskovsky | 2011-07-13 16:25:33 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2011-2526 tomcat5, tomcat6: Certain server files exposure and JVM crash via crafted web application running under security manager | CVE-2011-2526 tomcat5, tomcat6: Certain server files exposure and JVM crash via crafted web application running under security manager |
| | | Whiteboard | public=no,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new,RHDS3/Platform=new | public=20110713,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new,RHDS3/Platform=new |
| Jan Lieskovsky | 2011-07-13 16:41:11 UTC | Whiteboard | public=20110713,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=new,RHDS3/Platform=new | public=20110713,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=affected,RHDS3/Platform=new |
| Jan Lieskovsky | 2011-07-13 16:41:43 UTC | Whiteboard | public=20110713,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=new,rhel-6/tomcat6=new,fedora-all/tomcat6=affected,RHDS3/Platform=new | public=20110713,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=affected,rhel-6/tomcat6=new,fedora-all/tomcat6=affected,RHDS3/Platform=new |
| Jan Lieskovsky | 2011-07-13 16:43:22 UTC | Depends On | 721086 | |
| Jan Lieskovsky | 2011-07-13 16:43:30 UTC | Depends On | 721087 | |
| David Knox | 2011-07-13 17:29:26 UTC | Status | NEW | ASSIGNED |
| David Jorm | 2011-07-18 05:55:43 UTC | Priority | medium | low |
| | | CC | djorm | |
| | | Whiteboard | public=20110713,reported=20110712,source=secalert,impact=moderate,cvss2=3.3/AV:L/AC:M/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=affected,rhel-6/tomcat6=new,fedora-all/tomcat6=affected,RHDS3/Platform=new | public=20110713,reported=20110712,source=secalert,impact=low,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=affected,rhel-6/tomcat6=new,fedora-all/tomcat6=affected,RHDS3/Platform=new |
| | | Severity | medium | low |
| David Jorm | 2011-07-29 02:22:50 UTC | Whiteboard | public=20110713,reported=20110712,source=secalert,impact=low,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=new,certificate_system_7.3/Other=new,rhn_satellite_5.4/Server=new,jbews-1/Red Hat Enterprise Linux 4=new jbews-1/Red Hat Enterprise Linux 5=new,fedora-all/tomcat5=affected,rhel-6/tomcat6=new,fedora-all/tomcat6=affected,RHDS3/Platform=new | public=20110713,reported=20110712,source=secalert,impact=low,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,jbews-1/Red Hat Enterprise Linux 4=defer jbews-1/Red Hat Enterprise Linux 5=defer,fedora-all/tomcat5=affected,rhel-6/tomcat6=defer,fedora-all/tomcat6=affected,RHDS3/Platform=notaffected |
| Luke Schierer | 2011-08-25 17:39:47 UTC | CC | luke-redhat | |
| David Jorm | 2011-09-15 06:13:14 UTC | Whiteboard | public=20110713,reported=20110712,source=secalert,impact=low,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,jbews-1/Red Hat Enterprise Linux 4=defer jbews-1/Red Hat Enterprise Linux 5=defer,fedora-all/tomcat5=affected,rhel-6/tomcat6=defer,fedora-all/tomcat6=affected,RHDS3/Platform=notaffected | public=20110713,reported=20110712,source=secalert,impact=low,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,jbews-1-el4/Red Hat Enterprise Linux 4=affected jbews-1-el5/Red Hat Enterprise Linux 5=affected,jbews-1-el6/Red Hat Enterprise Linux 6=affected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,RHDS3/Platform=notaffected |
| David Jorm | 2011-09-15 06:14:37 UTC | Depends On | 738535 | |
| David Jorm | 2011-09-15 06:14:47 UTC | Depends On | 738536 | |
| David Jorm | 2011-09-15 06:14:57 UTC | Depends On | 738537 | |
| David Jorm | 2011-09-15 06:15:12 UTC | Depends On | 738538 | |
| David Jorm | 2011-09-15 06:15:25 UTC | Depends On | 738540 | |
| Tomas Hoger | 2011-09-16 07:08:15 UTC | Whiteboard | public=20110713,reported=20110712,source=secalert,impact=low,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,jbews-1-el4/Red Hat Enterprise Linux 4=affected jbews-1-el5/Red Hat Enterprise Linux 5=affected,jbews-1-el6/Red Hat Enterprise Linux 6=affected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,RHDS3/Platform=notaffected | impact=low,public=20110713,reported=20110712,source=secalert,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,jbews-1/tomcat5=affected,jbews-1/tomcat6=affected certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,RHDS3/Platform=notaffected |
| Jan Ščotka | 2011-09-21 11:39:31 UTC | CC | jscotka | |
| | | Flags | needinfo? | |
| David Jorm | 2011-09-22 07:57:06 UTC | Flags | needinfo? | |
| Vincent Danen | 2011-09-23 03:51:07 UTC | CC | vdanen | |
| | | Fixed In Version | tomcat 5.5.34, tomcat 6.0.33 | |
| Tomas Hoger | 2011-09-27 08:03:32 UTC | Depends On | 738538 | |
| Tomas Hoger | 2011-09-27 08:03:51 UTC | Depends On | 738540 | |
| Tomas Hoger | 2011-09-27 08:05:37 UTC | Depends On | 738503 | |
| Tomas Hoger | 2011-09-27 08:06:07 UTC | Depends On | 738504 | |
| Tomas Hoger | 2011-09-27 08:23:46 UTC | Summary | CVE-2011-2526 tomcat5, tomcat6: Certain server files exposure and JVM crash via crafted web application running under security manager | CVE-2011-2526 tomcat: security manager restrictions bypass |
| Tomas Hoger | 2011-09-27 08:59:22 UTC | Depends On | 738535 | |
| Tomas Hoger | 2011-09-27 09:00:22 UTC | Depends On | 738536 | |
| Tomas Hoger | 2011-09-27 09:01:00 UTC | Depends On | 738537 | |
| Tomas Hoger | 2011-09-27 09:04:53 UTC | Depends On | 738505 | |
| Tomas Hoger | 2011-09-27 09:05:18 UTC | Depends On | 738506 | |
| Tomas Hoger | 2011-09-27 09:05:26 UTC | Depends On | 738507 | |
| David Knox | 2011-10-31 16:11:10 UTC | Status | ASSIGNED | MODIFIED |
| | | Fixed In Version | tomcat 5.5.34, tomcat 6.0.33 | tomcat5-5.5.23-0jpp.21+ |
| David Knox | 2011-10-31 16:11:47 UTC | Fixed In Version | tomcat5-5.5.23-0jpp.21+ | |
| Gary Anderson | 2011-12-23 15:19:41 UTC | CC | gary.p.anderson | |
| David Jorm | 2012-02-20 06:03:42 UTC | Blocks | 795277 | |
| hfnukal | 2012-03-13 08:56:42 UTC | See Also | https://bugzilla.redhat.com/show_bug.cgi?id=794382 | |
| Tomas Hoger | 2012-03-13 09:04:41 UTC | Status | MODIFIED | NEW |
| David Jorm | 2012-04-05 03:22:22 UTC | Blocks | 810065 | |
| Coty Sutherland | 2012-05-01 16:43:24 UTC | CC | csutherl | |
| Ian Springer | 2012-05-22 16:13:08 UTC | See Also | https://bugzilla.redhat.com/show_bug.cgi?id=758931 | |
| David Jorm | 2012-05-23 01:57:44 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2012-05-22 21:57:44 UTC | |
| Adam Mariš | 2015-07-31 14:08:20 UTC | CC | amaris | |
| | | Whiteboard | impact=low,public=20110713,reported=20110712,source=secalert,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,jbews-1/tomcat5=affected,jbews-1/tomcat6=affected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,RHDS3/Platform=notaffected | impact=low,public=20110713,reported=20110712,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,jbews-1/tomcat5=affected,jbews-1/tomcat6=affected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,RHDS3/Platform=notaffected |
| Adam Mariš | 2015-07-31 14:08:33 UTC | Whiteboard | impact=low,public=20110713,reported=20110712,source=redhat,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,jbews-1/tomcat5=affected,jbews-1/tomcat6=affected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,RHDS3/Platform=notaffected | impact=low,public=20110713,reported=20110712,source=customer,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,jbews-1/tomcat5=affected,jbews-1/tomcat6=affected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,RHDS3/Platform=notaffected |
| Adam Mariš | 2016-11-08 16:16:21 UTC | CC | amaris | |
| Product Security DevOps Team | 2019-09-29 12:45:43 UTC | Whiteboard | impact=low,public=20110713,reported=20110712,source=customer,cvss2=2.6/AV:L/AC:H/Au:N/C:P/I:N/A:P,rhel-5/tomcat5=notaffected,fedora-all/tomcat5=affected,rhel-6/tomcat6=affected,fedora-all/tomcat6=affected,jbews-1/tomcat5=affected,jbews-1/tomcat6=affected,certificate_system_7.3/Other=notaffected,rhn_satellite_5.4/Server=notaffected,RHDS3/Platform=notaffected | |