Bug 1388240 - (CVE-2016-8627) CVE-2016-8627 admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20170118,repor...
Keywords: Security
Depends On: 1388986 1388987
Blocks: 1381143 1413131 1520314
Reported: 2016-10-24 15:50 EDT by Bharti Kundal
Modified: 2018-10-19 17:37 EDT
CC: 21 users

Fixed In Version: admin-cli 3.0.0.Alpha25, admin-cli 2.2.1.CR2
Doc Type: If docs needed, set a value
Doc Text:
An EAP feature for downloading server log files exposes the logs via plain GET requests, which leaves them open to cross-origin attacks. An attacker could trigger a user's browser to request the log files repeatedly, consuming enough server resources that normal server functioning could be impaired.
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0170 normal SHIPPED_LIVE Moderate: JBoss Enterprise Application Platform 7.0.4 on RHEL 6 2017-01-20 15:58:37 EST
Red Hat Product Errata RHSA-2017:0171 normal SHIPPED_LIVE Moderate: JBoss Enterprise Application Platform 7.0.4 for RHEL 7 2017-01-20 15:58:12 EST
Red Hat Product Errata RHSA-2017:0172 normal SHIPPED_LIVE Moderate: Red Hat JBoss Enterprise Application Platform 7.0.4 2017-01-18 20:40:13 EST
Red Hat Product Errata RHSA-2017:0173 normal SHIPPED_LIVE Moderate: eap7-jboss-ec2-eap security update 2017-01-20 16:06:12 EST
Red Hat Product Errata RHSA-2017:0244 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform security update 2017-02-02 20:39:38 EST
Red Hat Product Errata RHSA-2017:0245 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform security update 2017-02-02 20:36:51 EST
Red Hat Product Errata RHSA-2017:0246 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform security update 2017-02-02 20:33:58 EST
Red Hat Product Errata RHSA-2017:0247 normal SHIPPED_LIVE Moderate: Red Hat JBoss Enterprise Application Platform security update 2017-05-02 21:58:19 EDT
Red Hat Product Errata RHSA-2017:0250 normal SHIPPED_LIVE Important: jboss-ec2-eap security, bug fix, and enhancement update 2017-02-02 21:03:53 EST
Red Hat Product Errata RHSA-2017:3454 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update 2017-12-13 17:48:09 EST
Red Hat Product Errata RHSA-2017:3455 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update 2017-12-13 17:57:25 EST
Red Hat Product Errata RHSA-2017:3456 normal SHIPPED_LIVE Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update 2017-12-13 17:31:03 EST
Red Hat Product Errata RHSA-2017:3458 normal SHIPPED_LIVE Important: eap7-jboss-ec2-eap security update 2017-12-13 18:26:13 EST
Description Bharti Kundal 2016-10-24 15:50:33 EDT
Potential EAP resource starvation DOS attack via GET requests for server log files
Comment 3 Bharti Kundal 2017-01-16 14:57:21 EST
Acknowledgments:

Name: Darran Lofthouse (Red Hat), Brian Stansberry (Red Hat)
Comment 4 errata-xmlrpc 2017-01-18 15:40:51 EST
This issue has been addressed in the following products:

   Red Hat JBoss Enterprise Application Platform 7.0

Via RHSA-2017:0172 https://rhn.redhat.com/errata/RHSA-2017-0172.html
Comment 5 errata-xmlrpc 2017-01-18 16:54:26 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7

Via RHSA-2017:0171 https://rhn.redhat.com/errata/RHSA-2017-0171.html
Comment 6 errata-xmlrpc 2017-01-18 16:54:48 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6

Via RHSA-2017:0170 https://rhn.redhat.com/errata/RHSA-2017-0170.html
Comment 7 errata-xmlrpc 2017-01-18 17:12:52 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6
  Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7

Via RHSA-2017:0173 https://rhn.redhat.com/errata/RHSA-2017-0173.html
Comment 16 errata-xmlrpc 2017-02-02 15:23:54 EST
This issue has been addressed in the following products:



Via RHSA-2017:0247 https://rhn.redhat.com/errata/RHSA-2017-0247.html
Comment 17 errata-xmlrpc 2017-02-02 15:44:40 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5

Via RHSA-2017:0246 https://rhn.redhat.com/errata/RHSA-2017-0246.html
Comment 18 errata-xmlrpc 2017-02-02 15:45:49 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7

Via RHSA-2017:0245 https://rhn.redhat.com/errata/RHSA-2017-0245.html
Comment 19 errata-xmlrpc 2017-02-02 15:46:59 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2017:0244 https://rhn.redhat.com/errata/RHSA-2017-0244.html
Comment 20 errata-xmlrpc 2017-02-02 16:04:29 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2017:0250 https://rhn.redhat.com/errata/RHSA-2017-0250.html
Comment 21 errata-xmlrpc 2017-12-13 12:34:02 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3456
Comment 22 errata-xmlrpc 2017-12-13 13:20:33 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3454
Comment 23 errata-xmlrpc 2017-12-13 13:41:56 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7

Via RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3455
Comment 24 errata-xmlrpc 2017-12-13 13:48:21 EST
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2017:3458