Bug 1372117 (CVE-2016-6345)
Summary: | CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jason Shepherd <jshepherd> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | 870022574, aileenc, alazarot, alee, aszczucz, bbaranow, bcourt, bdawidow, bkearney, bmaxwell, bmcclain, cbillett, cdewolf, chazlett, csutherl, dandread, darran.lofthouse, dosoudil, drieden, eedri, epp-bugs, etirelli, fnasser, gvarsami, huwang, java-sig-commits, jawilson, jboss-set, jcoleman, jdg-bugs, jmatthew, jolee, jpallich, jshepherd, katello-bugs, kverlaen, ldimaggi, lgao, lsurette, lzap, mbaluch, mgoldboi, mhulan, michal.skrivanek, mmccune, mstead, mweiler, mwinkler, myarboro, nwallace, ohadlevy, pdrozd, pkliczew, pslavice, puntogil, rcernich, rnetuka, rrajasek, rsvoboda, rwagner, rzhang, satellite6-bugs, soa-p-jira, sthorger, tcunning, theute, tkirby, tlestach, tomckay, tsanders, ttarrant, twalsh, vtunka, weli, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | resteasy 3.1.0.CR1, resteasy 3.0.20.Final | Doc Type: | If docs needed, set a value |
Doc Text: |
It was found that there was insufficient use of randam values in RESTEasy async jobs. An attacker could use this flaw to steal user data.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 00:54:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1372118, 1471273, 1471274, 1480769, 1914368 | ||
Bug Blocks: | 1371804, 1372141, 1372565, 1372568, 1372571 |
Description
Jason Shepherd
2016-09-01 00:30:16 UTC
Acknowledgments: Name: Mikhail Egorov (Odin) Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1372118] Mitigation: Don't enable Async Jobs Service as details in the section, "2.10. RESTEASY ASYNCHRONOUS JOB SERVICE" of JBoss EAP 7 Developing Web Services Applications documentation: https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/7.0/paged/developing-web-services-applications/chapter-2-developing-jax-rs-web-services Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1471273] Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1480769] |