Bug 883634 (CVE-2012-3546)
| Field | Value |
|---|---|
| Summary | CVE-2012-3546 Tomcat/JBoss Web: Bypass of security constraints |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Arun Babu Neelicattu <aneelica> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | djorm, grocha, jstefl, lgao, mjc, pcheung |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2013-03-12 23:55:55 UTC |
| Bug Depends On | 883702, 883704, 883705, 883706, 883707, 883708, 883709, 883710, 883711, 883712, 883713, 883714, 883715, 892849, 892851, 892852, 895771, 896527, 901352, 903925, 913034, 913035, 913036, 915189, 1014384 |
| Bug Blocks | 789173, 835396, 849517, 883656, 903405 |

Description
Arun Babu Neelicattu
2012-12-05 03:24:29 UTC
Created tomcat6 tracking bugs for this issue
Affects: fedora-all [bug 883702]

Created tomcat tracking bugs for this issue
Affects: fedora-all [bug 883704]

tomcat-7.0.33-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:
  JBEWS 2 for RHEL 6
  JBEWS 2 for RHEL 5
Via RHSA-2013:0005 https://rhn.redhat.com/errata/RHSA-2013-0005.html

This issue has been addressed in following products:
  JBoss Enterprise Web Server 2.0.0
Via RHSA-2013:0004 https://rhn.redhat.com/errata/RHSA-2013-0004.html

This issue has been addressed in following products:
  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5
Via RHSA-2013:0147 https://rhn.redhat.com/errata/RHSA-2013-0147.html

This issue has been addressed in following products:
  JBoss Enterprise Application Platform 4.3.0 CP10
Via RHSA-2013:0146 https://rhn.redhat.com/errata/RHSA-2013-0146.html

This issue has been addressed in following products:
  JBoss Enterprise Portal Platform 4.3.0 CP07
Via RHSA-2013:0151 https://rhn.redhat.com/errata/RHSA-2013-0151.html

This issue has been addressed in following products:
  JBoss Enterprise Web Server 1.0.2
Via RHSA-2013:0157 https://rhn.redhat.com/errata/RHSA-2013-0157.html

This issue has been addressed in following products:
  JBEWS 1.0 for RHEL 5
  JBEWS 1.0 for RHEL 6
Via RHSA-2013:0158 https://rhn.redhat.com/errata/RHSA-2013-0158.html

This issue has been addressed in following products:
  JBEAP 6 for RHEL 6
  JBEAP 6 for RHEL 5
Via RHSA-2013:0164 https://rhn.redhat.com/errata/RHSA-2013-0164.html

This issue has been addressed in following products:
  JBoss Enterprise Application Platform 6.0.1
Via RHSA-2013:0163 https://rhn.redhat.com/errata/RHSA-2013-0163.html

This issue has been addressed in following products:
  JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05
Via RHSA-2013:0162 https://rhn.redhat.com/errata/RHSA-2013-0162.html

This issue has been addressed in following products:
  JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html

This issue has been addressed in following products:
  JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html

This issue has been addressed in following products:
  JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html

This issue has been addressed in following products:
  JBEWP 5 for RHEL 6
Via RHSA-2013:0195 https://rhn.redhat.com/errata/RHSA-2013-0195.html

This issue has been addressed in following products:
  JBEAP 5 for RHEL 4
Via RHSA-2013:0193 https://rhn.redhat.com/errata/RHSA-2013-0193.html

This issue has been addressed in following products:
  JBEWP 5 for RHEL 4
Via RHSA-2013:0197 https://rhn.redhat.com/errata/RHSA-2013-0197.html

This issue has been addressed in following products:
  JBEWP 5 for RHEL 5
Via RHSA-2013:0196 https://rhn.redhat.com/errata/RHSA-2013-0196.html

This issue has been addressed in following products:
  JBoss Enterprise Web Platform 5.2.0
Via RHSA-2013:0198 https://rhn.redhat.com/errata/RHSA-2013-0198.html

This issue has been addressed in following products:
  JBoss Enterprise BRMS Platform 5.3.1
Via RHSA-2013:0221 https://rhn.redhat.com/errata/RHSA-2013-0221.html

This issue has been addressed in following products:
  JBoss Enterprise Portal Platform 5.2.2
  JBoss Enterprise SOA Platform 5.3.0
Via RHSA-2013:0235 https://rhn.redhat.com/errata/RHSA-2013-0235.html

Statement:
Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.

This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2013:0623 https://rhn.redhat.com/errata/RHSA-2013-0623.html

This issue has been addressed in following products:
  JBoss Enterprise Web Server 1.0.2
Via RHSA-2013:0642 https://rhn.redhat.com/errata/RHSA-2013-0642.html

This issue has been addressed in following products:
  JBEWS 1.0 for RHEL 5
  JBEWS 1.0 for RHEL 6
Via RHSA-2013:0641 https://rhn.redhat.com/errata/RHSA-2013-0641.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
Via RHSA-2013:0640 https://rhn.redhat.com/errata/RHSA-2013-0640.html