Bug 1388240 (CVE-2016-8627)
Summary: | CVE-2016-8627 admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Bharti Kundal <bkundal> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, fnasser, jason.greene, jawilson, jshepherd, krathod, lgao, myarboro, pslavice, rnetuka, rsvoboda, security-response-team, twalsh, vtunka |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | admin-cli 3.0.0.Alpha25, admin-cli 2.2.1.CR2 | Doc Type: | If docs needed, set a value |
Doc Text: | An EAP feature to download server log files allows logs to be available via GET requests, making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files, consuming enough resources that normal server functioning could be impaired. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 11:47:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1388986, 1388987 | ||
Bug Blocks: | 1381143, 1413131, 1520314 |
Description
Bharti Kundal
2016-10-24 19:50:33 UTC
Acknowledgments:

Name: Darran Lofthouse (Red Hat), Brian Stansberry (Red Hat)

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.0
Via RHSA-2017:0172 https://rhn.redhat.com/errata/RHSA-2017-0172.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7
Via RHSA-2017:0171 https://rhn.redhat.com/errata/RHSA-2017-0171.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6
Via RHSA-2017:0170 https://rhn.redhat.com/errata/RHSA-2017-0170.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6
  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7
Via RHSA-2017:0173 https://rhn.redhat.com/errata/RHSA-2017-0173.html

This issue has been addressed in the following products:
Via RHSA-2017:0247 https://rhn.redhat.com/errata/RHSA-2017-0247.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
Via RHSA-2017:0246 https://rhn.redhat.com/errata/RHSA-2017-0246.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
Via RHSA-2017:0245 https://rhn.redhat.com/errata/RHSA-2017-0245.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
Via RHSA-2017:0244 https://rhn.redhat.com/errata/RHSA-2017-0244.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
Via RHSA-2017:0250 https://rhn.redhat.com/errata/RHSA-2017-0250.html

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform
Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6
Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455

This issue has been addressed in the following products:
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6
Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458