Action not permitted
Modal body text goes here.
CVE-2007-4465
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:53:56.077Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2008:0005", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "3113", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3113" }, { "name": "28749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28749" }, { "name": "oval:org.mitre.oval:def:6089", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089" }, { "name": "HPSBUX02465", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "26952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26952" }, { "name": "31651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31651" }, { "name": "SSRT090085", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "25653", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25653" }, { "name": "27563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27732" }, { "name": "1019194", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1019194" }, { "name": "RHSA-2007:0911", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html" }, { "name": "RHSA-2008:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10929", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929" }, { "name": "SSRT090192", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "SUSE-SA:2007:061", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "FEDORA-2007-2214", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "RHSA-2008:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "MDVSA-2008:014", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "HPSBUX02365", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30430" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "33105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33105" }, { "name": "apache-utf7-xss(36586)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "name": "28467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28467" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "name": "RHSA-2008:0004", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "28607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28607" }, { "name": "GLSA-200711-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "name": "HPSBUX02431", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "FEDORA-2007-707", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html" }, { "name": "28471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28471" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/46" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "26842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26842" }, { "name": "SSRT080118", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "35650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35650" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2008:0005", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "3113", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3113" }, { "name": "28749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28749" }, { "name": "oval:org.mitre.oval:def:6089", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089" }, { "name": "HPSBUX02465", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "26952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26952" }, { "name": "31651", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31651" }, { "name": "SSRT090085", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "25653", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25653" }, { "name": "27563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27732" }, { "name": "1019194", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1019194" }, { "name": "RHSA-2007:0911", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html" }, { "name": "RHSA-2008:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10929", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929" }, { "name": "SSRT090192", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "TA08-150A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "SUSE-SA:2007:061", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "FEDORA-2007-2214", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "RHSA-2008:0008", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "MDVSA-2008:014", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "HPSBUX02365", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "30430", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30430" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "name": "APPLE-SA-2008-05-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "33105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33105" }, { "name": "apache-utf7-xss(36586)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "name": "28467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28467" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "name": "RHSA-2008:0004", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "28607", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28607" }, { "name": "GLSA-200711-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "name": "HPSBUX02431", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "FEDORA-2007-707", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html" }, { "name": "28471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28471" }, { "name": "ADV-2008-1697", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/46" }, { "name": "RHSA-2008:0261", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "26842", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26842" }, { "name": "SSRT080118", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "35650", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35650" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2008:0005", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "3113", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3113" }, { "name": "28749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28749" }, { "name": "oval:org.mitre.oval:def:6089", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089" }, { "name": "HPSBUX02465", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "26952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26952" }, { "name": "31651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31651" }, { "name": "SSRT090085", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "25653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25653" }, { "name": "27563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27732" }, { "name": "1019194", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019194" }, { "name": "RHSA-2007:0911", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html" }, { "name": "RHSA-2008:0006", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10929", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929" }, { "name": "SSRT090192", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "SUSE-SA:2007:061", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "FEDORA-2007-2214", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "RHSA-2008:0008", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "MDVSA-2008:014", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "HPSBUX02365", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "33105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33105" }, { "name": "apache-utf7-xss(36586)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "name": "28467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28467" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "name": "RHSA-2008:0004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "28607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28607" }, { "name": "GLSA-200711-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "name": "HPSBUX02431", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "FEDORA-2007-707", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html" }, { "name": "28471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28471" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/46" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "26842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26842" }, { "name": "SSRT080118", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "35650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35650" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4465", "datePublished": "2007-09-14T00:00:00", "dateReserved": "2007-08-21T00:00:00", "dateUpdated": "2024-08-07T14:53:56.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2007-4465\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-14T00:17:00.000\",\"lastModified\":\"2024-01-19T15:13:13.213\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTTP Apache versiones anteriores a 2.2.6, cuando un juego de caracteres en una p\u00e1gina generada por el servidor no est\u00e1 definido, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro P utilizando el juego de caracteres UTF-7.\\r\\nNOTA. Se podr\u00eda argumentar que este asunto se debe a una limitaci\u00f3n de dise\u00f1o de los navegadores que intentan realizar una detecci\u00f3n autom\u00e1tica de tipo de contenido.\"}],\"vendorComments\":[{\"organization\":\"Apache\",\"comment\":\"The Apache security team believe that this issue is due to web browsers that are violating RFC2616. \\n\\nHowever, Apache 2.2.6 and 2.0.61 add a workaround for such browsers by adding Type and Charset options to IndexOptions directive. This allows a site administrator to explicitly set the content-type and charset of the generated directory index page.\",\"lastModified\":\"2007-09-14T00:00:00\"},{\"organization\":\"Red Hat\",\"comment\":\"This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \u0026quot;AddDefaultCharset\u0026quot; directive and are using directory indexes. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. \\n\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4465\\n\\n\",\"lastModified\":\"2007-09-18T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.61\",\"matchCriteriaId\":\"9C551481-3F93-4186-85B9-7B07D94B86D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.6\",\"matchCriteriaId\":\"D9EE889E-37B4-4DF6-8327-7D621E287F4F\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=186219\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//May/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/26842\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/26952\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/27563\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/27732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/28467\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/28471\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/28607\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/28749\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/30430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31651\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33105\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35650\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200711-06.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securityreason.com/achievement_securityalert/46\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3113\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019194\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.apache.org/dist/httpd/CHANGES_2.2.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:014\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_61_apache2.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0911.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0005.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0008.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0261.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/479237/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/25653\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-575-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-150A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1697\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36586\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2008_0524
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Satellite Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server 4.2. In\na typical operating environment, these components are not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nMultiple flaws were fixed in the OpenMotif package. (CVE-2004-0687,\nCVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 4.2 are advised to upgrade to\n4.2.3, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0524", "url": "https://access.redhat.com/errata/RHSA-2008:0524" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "449337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=449337" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0524.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update", "tracking": { "current_release_date": "2024-11-05T16:55:52+00:00", "generator": { "date": "2024-11-05T16:55:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0524", "initial_release_date": "2008-06-30T15:33:00+00:00", "revision_history": [ { "date": "2008-06-30T15:33:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-06-30T11:33:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:55:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product": { "name": "Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:4.2::el3" } } }, { "category": "product_name", "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:4.2::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "jabberd-0:2.0s10-3.37.rhn.i386", "product": { "name": "jabberd-0:2.0s10-3.37.rhn.i386", "product_id": "jabberd-0:2.0s10-3.37.rhn.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.37.rhn?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "product": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el3?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "product": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el3?arch=i386" } } }, { "category": "product_version", "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "product": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel3?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-0:2.1.30-9.RHEL3.8.i386", "product": { "name": "openmotif21-0:2.1.30-9.RHEL3.8.i386", "product_id": "openmotif21-0:2.1.30-9.RHEL3.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21@2.1.30-9.RHEL3.8?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "product": { "name": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "product_id": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-9.RHEL3.8?arch=i386" } } }, { "category": "product_version", "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "product": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel3?arch=i386" } } }, { "category": "product_version", "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "product": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel3?arch=i386" } } }, { "category": "product_version", "name": "rhn-modperl-0:1.29-16.rhel3.i386", "product": { "name": "rhn-modperl-0:1.29-16.rhel3.i386", "product_id": "rhn-modperl-0:1.29-16.rhel3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel3?arch=i386" } } }, { "category": "product_version", "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel4?arch=i386" } } }, { "category": "product_version", "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product": { "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product_id": "jabberd-0:2.0s10-3.38.rhn.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product": { "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product_id": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21@2.1.30-11.RHEL4.6?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product": { "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product_id": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-11.RHEL4.6?arch=i386" } } }, { "category": "product_version", "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el4?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product": { "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product_id": "rhn-modperl-0:1.29-16.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "jfreechart-0:0.9.20-3.rhn.noarch", "product": { "name": "jfreechart-0:0.9.20-3.rhn.noarch", "product_id": "jfreechart-0:0.9.20-3.rhn.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "perl-Crypt-CBC-0:2.24-1.el3.noarch", "product": { "name": "perl-Crypt-CBC-0:2.24-1.el3.noarch", "product_id": "perl-Crypt-CBC-0:2.24-1.el3.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el3?arch=noarch" } } }, { "category": "product_version", "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product": { "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.37.rhn.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386" }, "product_reference": "jabberd-0:2.0s10-3.37.rhn.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386" }, "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386" }, "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch" }, "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-0:2.1.30-9.RHEL3.8.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386" }, "product_reference": "openmotif21-0:2.1.30-9.RHEL3.8.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386" }, "product_reference": "openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Crypt-CBC-0:2.24-1.el3.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch" }, "product_reference": "perl-Crypt-CBC-0:2.24-1.el3.noarch", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386" }, "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386" }, "product_reference": "rhn-modperl-0:1.29-16.rhel3.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386" }, "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "relates_to_product_reference": "3AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.38.rhn.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386" }, "product_reference": "jabberd-0:2.0s10-3.38.rhn.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386" }, "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386" }, "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch" }, "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386" }, "product_reference": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386" }, "product_reference": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch" }, "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386" }, "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386" }, "product_reference": "rhn-modperl-0:1.29-16.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386 as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386" }, "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT4.2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "relates_to_product_reference": "4AS-RHNSAT4.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2004-0687", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430513" } ], "notes": [ { "category": "description", "text": "Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.", "title": "Vulnerability description" }, { "category": "summary", "text": "openmotif21 stack overflows in libxpm", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0687" }, { "category": "external", "summary": "RHBZ#430513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430513" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0687", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0687" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0687", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0687" } ], "release_date": "2004-10-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openmotif21 stack overflows in libxpm" }, { "cve": "CVE-2004-0688", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430515" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.", "title": "Vulnerability description" }, { "category": "summary", "text": "openmotif21 stack overflows in libxpm", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0688" }, { "category": "external", "summary": "RHBZ#430515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0688", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0688" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0688", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0688" } ], "release_date": "2004-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openmotif21 stack overflows in libxpm" }, { "cve": "CVE-2004-0885", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430637" } ], "notes": [ { "category": "description", "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_ssl SSLCipherSuite bypass", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0885" }, { "category": "external", "summary": "RHBZ#430637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885" } ], "release_date": "2004-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_ssl SSLCipherSuite bypass" }, { "cve": "CVE-2004-0914", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430516" } ], "notes": [ { "category": "description", "text": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE\u0027s content decisions.", "title": "Vulnerability description" }, { "category": "summary", "text": "openmotif21 stack overflows in libxpm", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0914" }, { "category": "external", "summary": "RHBZ#430516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430516" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0914", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0914" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0914", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0914" } ], "release_date": "2004-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openmotif21 stack overflows in libxpm" }, { "cve": "CVE-2005-0605", "discovery_date": "2005-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430520" } ], "notes": [ { "category": "description", "text": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxpm buffer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-0605" }, { "category": "external", "summary": "RHBZ#430520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0605", "url": "https://www.cve.org/CVERecord?id=CVE-2005-0605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605" } ], "release_date": "2005-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxpm buffer overflow" }, { "cve": "CVE-2005-2090", "discovery_date": "2005-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237079" } ], "notes": [ { "category": "description", "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat multiple content-length header poisioning", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2090" }, { "category": "external", "summary": "RHBZ#237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090" } ], "release_date": "2005-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat multiple content-length header poisioning" }, { "cve": "CVE-2005-3510", "discovery_date": "2005-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237085" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3510" }, { "category": "external", "summary": "RHBZ#237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510" } ], "release_date": "2005-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat DoS" }, { "cve": "CVE-2005-3964", "discovery_date": "2005-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430519" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "openmotif libUil buffer overflows", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3964" }, { "category": "external", "summary": "RHBZ#430519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3964", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3964" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964" } ], "release_date": "2005-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openmotif libUil buffer overflows" }, { "cve": "CVE-2005-4838", "discovery_date": "2005-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "238401" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat manager example DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-4838" }, { "category": "external", "summary": "RHBZ#238401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838", "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838" } ], "release_date": "2005-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat manager example DoS" }, { "cve": "CVE-2006-0254", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2006-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430646" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat examples XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-0254" }, { "category": "external", "summary": "RHBZ#430646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254", "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254" } ], "release_date": "2006-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat examples XSS" }, { "cve": "CVE-2006-0898", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430522" } ], "notes": [ { "category": "description", "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl-Crypt-CBC weaker encryption with some ciphers", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-0898" }, { "category": "external", "summary": "RHBZ#430522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898", "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898" } ], "release_date": "2006-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "perl-Crypt-CBC weaker encryption with some ciphers" }, { "cve": "CVE-2006-1329", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429254" } ], "notes": [ { "category": "description", "text": "The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".", "title": "Vulnerability description" }, { "category": "summary", "text": "jabberd SASL DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-1329" }, { "category": "external", "summary": "RHBZ#429254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429254" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1329", "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329" } ], "release_date": "2006-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jabberd SASL DoS" }, { "cve": "CVE-2006-3835", "discovery_date": "2006-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237084" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory listing issue", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3835" }, { "category": "external", "summary": "RHBZ#237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835" } ], "release_date": "2006-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat directory listing issue" }, { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2006-7195", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237081" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in example webapps", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7195" }, { "category": "external", "summary": "RHBZ#237081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237081" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7195", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195" } ], "release_date": "2007-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat XSS in example webapps" }, { "cve": "CVE-2006-7196", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "238131" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in example webapps", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7196" }, { "category": "external", "summary": "RHBZ#238131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7196", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196" } ], "release_date": "2007-04-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat XSS in example webapps" }, { "cve": "CVE-2006-7197", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430642" } ], "notes": [ { "category": "description", "text": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_jk chunk too long", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7197" }, { "category": "external", "summary": "RHBZ#430642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7197", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197" } ], "release_date": "2006-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_jk chunk too long" }, { "cve": "CVE-2007-0243", "discovery_date": "2007-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "325941" } ], "notes": [ { "category": "description", "text": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-jre: GIF buffer overflow", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0243" }, { "category": "external", "summary": "RHBZ#325941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=325941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0243", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0243" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243" } ], "release_date": "2007-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-jre: GIF buffer overflow" }, { "cve": "CVE-2007-0450", "discovery_date": "2007-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237080" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory traversal", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0450" }, { "category": "external", "summary": "RHBZ#237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450" } ], "release_date": "2007-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat directory traversal" }, { "cve": "CVE-2007-1349", "discovery_date": "2007-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "240423" } ], "notes": [ { "category": "description", "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_perl PerlRun denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1349" }, { "category": "external", "summary": "RHBZ#240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349" } ], "release_date": "2007-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_perl PerlRun denial of service" }, { "cve": "CVE-2007-1355", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "253166" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in samples", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1355" }, { "category": "external", "summary": "RHBZ#253166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355" } ], "release_date": "2007-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XSS in samples" }, { "cve": "CVE-2007-1358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244803" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat accept-language xss flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1358" }, { "category": "external", "summary": "RHBZ#244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" } ], "release_date": "2007-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat accept-language xss flaw" }, { "cve": "CVE-2007-1860", "discovery_date": "2007-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237656" } ], "notes": [ { "category": "description", "text": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_jk sends decoded URL to tomcat", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1860" }, { "category": "external", "summary": "RHBZ#237656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1860", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_jk sends decoded URL to tomcat" }, { "cve": "CVE-2007-2435", "discovery_date": "2007-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "239660" } ], "notes": [ { "category": "description", "text": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "javaws vulnerabilities", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2435" }, { "category": "external", "summary": "RHBZ#239660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239660" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2435", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2435" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435" } ], "release_date": "2007-04-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "javaws vulnerabilities" }, { "cve": "CVE-2007-2449", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244804" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat examples jsp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2449" }, { "category": "external", "summary": "RHBZ#244804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449" } ], "release_date": "2007-06-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat examples jsp XSS" }, { "cve": "CVE-2007-2450", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244808" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat host manager XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2450" }, { "category": "external", "summary": "RHBZ#244808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450" } ], "release_date": "2007-06-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat host manager XSS" }, { "cve": "CVE-2007-2788", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2007-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250725" } ], "notes": [ { "category": "description", "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2788" }, { "category": "external", "summary": "RHBZ#250725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2788", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit" }, { "cve": "CVE-2007-2789", "discovery_date": "2007-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250729" } ], "notes": [ { "category": "description", "text": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.", "title": "Vulnerability description" }, { "category": "summary", "text": "BMP image parser vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2789" }, { "category": "external", "summary": "RHBZ#250729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2789", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2789" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "BMP image parser vulnerability" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" }, { "cve": "CVE-2007-3382", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247972" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookies", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3382" }, { "category": "external", "summary": "RHBZ#247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookies" }, { "cve": "CVE-2007-3385", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247976" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookie values", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3385" }, { "category": "external", "summary": "RHBZ#247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookie values" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-5461", "discovery_date": "2007-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "333791" } ], "notes": [ { "category": "description", "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "Absolute path traversal Apache Tomcat WEBDAV", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5461" }, { "category": "external", "summary": "RHBZ#333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" } ], "release_date": "2007-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Absolute path traversal Apache Tomcat WEBDAV" }, { "cve": "CVE-2007-6306", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "421081" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.", "title": "Vulnerability description" }, { "category": "summary", "text": "JFreeChart: XSS vulnerabilities in the image map feature", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6306" }, { "category": "external", "summary": "RHBZ#421081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306" } ], "release_date": "2007-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JFreeChart: XSS vulnerabilities in the image map feature" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0128", "discovery_date": "2008-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429821" } ], "notes": [ { "category": "description", "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat5 SSO cookie login information disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0128" }, { "category": "external", "summary": "RHBZ#429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128" } ], "release_date": "2006-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:33:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "3AS-RHNSAT4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3.i386", "3AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "3AS-RHNSAT4.2:openmotif21-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-9.RHEL3.8.i386", "3AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el3.noarch", "3AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel3.i386", "3AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel3.i386", "3AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel3.i386", "3AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch", "4AS-RHNSAT4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT4.2:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT4.2:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT4.2:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT4.2:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT4.2:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT4.2:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0524" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat5 SSO cookie login information disclosure" } ] }
rhsa-2008_0008
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imagemap module. On sites where mod_imagemap\nwas enabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\nfrom the configuration, a cross-site scripting attack might have been\npossible against Web browsers which do not correctly derive the response\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status was\nenabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_balancer module. On sites where\nmod_proxy_balancer was enabled, a cross-site scripting attack against an\nauthorized user was possible. (CVE-2007-6421)\n\nA flaw was found in the mod_proxy_balancer module. On sites where\nmod_proxy_balancer was enabled, an authorized user could send a carefully\ncrafted request that would cause the Apache child process handling that\nrequest to crash. This could lead to a denial of service if using a\nthreaded Multi-Processing Module. (CVE-2007-6422) \n\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\nwas enabled and a forward proxy was configured, a cross-site scripting\nattack was possible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should restart\nhttpd after installing this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0008", "url": "https://access.redhat.com/errata/RHSA-2008:0008" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "427229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427229" }, { "category": "external", "summary": "427230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427230" }, { "category": "external", "summary": "427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0008.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T16:51:17+00:00", "generator": { "date": "2024-11-05T16:51:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0008", "initial_release_date": "2008-01-15T09:38:00+00:00", "revision_history": [ { "date": "2008-01-15T09:38:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-01-15T04:38:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:51:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "product": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "product_id": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-11.el5_1.3?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "product": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "product_id": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-11.el5_1.3?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-11.el5_1.3.x86_64", "product": { "name": "httpd-0:2.2.3-11.el5_1.3.x86_64", "product_id": "httpd-0:2.2.3-11.el5_1.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-11.el5_1.3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.i386", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.i386", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.3-11.el5_1.3.i386", "product": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.i386", "product_id": "httpd-manual-0:2.2.3-11.el5_1.3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-11.el5_1.3?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.3-11.el5_1.3.i386", "product": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.i386", "product_id": "mod_ssl-1:2.2.3-11.el5_1.3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-11.el5_1.3?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-11.el5_1.3.i386", "product": { "name": "httpd-0:2.2.3-11.el5_1.3.i386", "product_id": "httpd-0:2.2.3-11.el5_1.3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-11.el5_1.3?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.2.3-11.el5_1.3.src", "product": { "name": "httpd-0:2.2.3-11.el5_1.3.src", "product_id": "httpd-0:2.2.3-11.el5_1.3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-11.el5_1.3?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.3-11.el5_1.3.ia64", "product": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ia64", "product_id": "httpd-manual-0:2.2.3-11.el5_1.3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-11.el5_1.3?arch=ia64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.ia64", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ia64", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=ia64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=ia64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.3-11.el5_1.3.ia64", "product": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ia64", "product_id": "mod_ssl-1:2.2.3-11.el5_1.3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-11.el5_1.3?arch=ia64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-11.el5_1.3.ia64", "product": { "name": "httpd-0:2.2.3-11.el5_1.3.ia64", "product_id": "httpd-0:2.2.3-11.el5_1.3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-11.el5_1.3?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.3-11.el5_1.3.ppc", "product": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ppc", "product_id": "httpd-manual-0:2.2.3-11.el5_1.3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-11.el5_1.3?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=ppc" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=ppc" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.3-11.el5_1.3.ppc", "product": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ppc", "product_id": "mod_ssl-1:2.2.3-11.el5_1.3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-11.el5_1.3?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-11.el5_1.3.ppc", "product": { "name": "httpd-0:2.2.3-11.el5_1.3.ppc", "product_id": "httpd-0:2.2.3-11.el5_1.3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-11.el5_1.3?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=ppc64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.2.3-11.el5_1.3.s390x", "product": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.s390x", "product_id": "httpd-manual-0:2.2.3-11.el5_1.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.3-11.el5_1.3?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390x", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390x", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=s390x" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.3-11.el5_1.3.s390x", "product": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.s390x", "product_id": "mod_ssl-1:2.2.3-11.el5_1.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.3-11.el5_1.3?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.3-11.el5_1.3.s390x", "product": { "name": "httpd-0:2.2.3-11.el5_1.3.s390x", "product_id": "httpd-0:2.2.3-11.el5_1.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.3-11.el5_1.3?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390", "product": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390", "product_id": "httpd-devel-0:2.2.3-11.el5_1.3.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.3-11.el5_1.3?arch=s390" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "product": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "product_id": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.3-11.el5_1.3?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.s390", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-0:2.2.3-11.el5_1.3.src" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.s390", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-0:2.2.3-11.el5_1.3.src" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.s390", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" }, "product_reference": "mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0008" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0008" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0008" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2007-6421", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427229" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_proxy_balancer cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6421" }, { "category": "external", "summary": "RHBZ#427229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6421", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6421", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6421" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0008" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd mod_proxy_balancer cross-site scripting" }, { "cve": "CVE-2007-6422", "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427230" } ], "notes": [ { "category": "description", "text": "The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_proxy_balancer crash", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6422" }, { "category": "external", "summary": "RHBZ#427230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427230" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6422", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6422" } ], "release_date": "2008-01-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0008" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd mod_proxy_balancer crash" }, { "cve": "CVE-2008-0005", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427739" } ], "notes": [ { "category": "description", "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy_ftp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0005" }, { "category": "external", "summary": "RHBZ#427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.src", "5Client-Workstation:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client-Workstation:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-0:2.2.3-11.el5_1.3.src", "5Client:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Client:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Client:mod_ssl-1:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-0:2.2.3-11.el5_1.3.src", "5Server:httpd-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-debuginfo-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.ppc64", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-devel-0:2.2.3-11.el5_1.3.x86_64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.i386", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ia64", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.ppc", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.s390x", "5Server:httpd-manual-0:2.2.3-11.el5_1.3.x86_64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.i386", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ia64", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.ppc", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.s390x", "5Server:mod_ssl-1:2.2.3-11.el5_1.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0008" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_proxy_ftp XSS" } ] }
rhsa-2008_0261
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Satellite Server version 5.0.2 is now available. This\nupdate includes fixes for a number of security issues in Red Hat Network\nSatellite Server components.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "During an internal security review, a cross-site scripting flaw was found\nthat affected the Red Hat Network channel search feature. (CVE-2007-5961)\n\nThis release also corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server. In a\ntypical operating environment, these components are not exposed to users of\nSatellite Server in a vulnerable manner. These security updates will reduce\nrisk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting, denial-of-service, or information\ndisclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197,\nCVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nMultiple cross-site scripting flaws were fixed in the image map feature in\nthe JFreeChart package. (CVE-2007-6306)\n\nMultiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243,\nCVE-2007-2435, CVE-2007-2788, CVE-2007-2789)\n\nTwo arbitrary code execution flaws were fixed in the OpenMotif package.\n(CVE-2005-3964, CVE-2005-0605)\n\nA flaw which could result in weak encryption was fixed in the\nperl-Crypt-CBC package. (CVE-2006-0898)\n\nMultiple flaws were fixed in the Tomcat package. (CVE-2008-0128,\nCVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355,\nCVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195,\nCVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510)\n\nUsers of Red Hat Network Satellite Server 5.0 are advised to upgrade to\n5.0.2, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0261", "url": "https://access.redhat.com/errata/RHSA-2008:0261" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "396641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641" }, { "category": "external", "summary": "444136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=444136" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0261.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server security update", "tracking": { "current_release_date": "2024-11-05T16:53:58+00:00", "generator": { "date": "2024-11-05T16:53:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0261", "initial_release_date": "2008-05-20T14:12:00+00:00", "revision_history": [ { "date": "2008-05-20T14:12:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-05-20T10:12:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:53:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.0:el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product_id": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modssl@2.8.12-8.rhn.10.rhel4?arch=i386" } } }, { "category": "product_version", "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product": { "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product_id": "jabberd-0:2.0s10-3.38.rhn.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product": { "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product_id": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21@2.1.30-11.RHEL4.6?arch=i386" } } }, { "category": "product_version", "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product": { "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product_id": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/openmotif21-debuginfo@2.1.30-11.RHEL4.6?arch=i386" } } }, { "category": "product_version", "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product_id": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.10-1jpp.2.el4?arch=i386" } } }, { "category": "product_version", "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product_id": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.10-1jpp.2.el4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product_id": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modjk-ap13@1.2.23-2rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product": { "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product_id": "rhn-modperl-0:1.29-16.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "jfreechart-0:0.9.20-3.rhn.noarch", "product": { "name": "jfreechart-0:0.9.20-3.rhn.noarch", "product_id": "jfreechart-0:0.9.20-3.rhn.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jfreechart@0.9.20-3.rhn?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product_id": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product": { "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product_id": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/perl-Crypt-CBC@2.24-1.el4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.38.rhn.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386" }, "product_reference": "jabberd-0:2.0s10-3.38.rhn.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386" }, "product_reference": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386" }, "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "jfreechart-0:0.9.20-3.rhn.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch" }, "product_reference": "jfreechart-0:0.9.20-3.rhn.noarch", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386" }, "product_reference": "openmotif21-0:2.1.30-11.RHEL4.6.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386" }, "product_reference": "openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "perl-Crypt-CBC-0:2.24-1.el4.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch" }, "product_reference": "perl-Crypt-CBC-0:2.24-1.el4.noarch", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386" }, "product_reference": "rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386" }, "product_reference": "rhn-modperl-0:1.29-16.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386 as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386" }, "product_reference": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "relates_to_product_reference": "4AS-RHNSAT5" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.0.30-0jpp_10rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" }, "product_reference": "tomcat5-0:5.0.30-0jpp_10rh.noarch", "relates_to_product_reference": "4AS-RHNSAT5" } ] }, "vulnerabilities": [ { "cve": "CVE-2004-0885", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430637" } ], "notes": [ { "category": "description", "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_ssl SSLCipherSuite bypass", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0885" }, { "category": "external", "summary": "RHBZ#430637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885" } ], "release_date": "2004-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_ssl SSLCipherSuite bypass" }, { "cve": "CVE-2005-0605", "discovery_date": "2005-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430520" } ], "notes": [ { "category": "description", "text": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxpm buffer overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-0605" }, { "category": "external", "summary": "RHBZ#430520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0605", "url": "https://www.cve.org/CVERecord?id=CVE-2005-0605" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0605" } ], "release_date": "2005-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxpm buffer overflow" }, { "cve": "CVE-2005-2090", "discovery_date": "2005-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237079" } ], "notes": [ { "category": "description", "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat multiple content-length header poisioning", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2090" }, { "category": "external", "summary": "RHBZ#237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090" } ], "release_date": "2005-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat multiple content-length header poisioning" }, { "cve": "CVE-2005-3510", "discovery_date": "2005-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237085" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3510" }, { "category": "external", "summary": "RHBZ#237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510" } ], "release_date": "2005-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat DoS" }, { "cve": "CVE-2005-3964", "discovery_date": "2005-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430519" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.", "title": "Vulnerability description" }, { "category": "summary", "text": "openmotif libUil buffer overflows", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3964" }, { "category": "external", "summary": "RHBZ#430519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3964", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3964" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3964" } ], "release_date": "2005-12-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openmotif libUil buffer overflows" }, { "cve": "CVE-2005-4838", "discovery_date": "2005-01-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "238401" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat manager example DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-4838" }, { "category": "external", "summary": "RHBZ#238401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238401" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-4838", "url": "https://www.cve.org/CVERecord?id=CVE-2005-4838" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4838" } ], "release_date": "2005-01-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat manager example DoS" }, { "cve": "CVE-2006-0254", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2006-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430646" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat examples XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-0254" }, { "category": "external", "summary": "RHBZ#430646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0254", "url": "https://www.cve.org/CVERecord?id=CVE-2006-0254" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0254" } ], "release_date": "2006-01-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat examples XSS" }, { "cve": "CVE-2006-0898", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430522" } ], "notes": [ { "category": "description", "text": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl-Crypt-CBC weaker encryption with some ciphers", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-0898" }, { "category": "external", "summary": "RHBZ#430522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-0898", "url": "https://www.cve.org/CVERecord?id=CVE-2006-0898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0898" } ], "release_date": "2006-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "perl-Crypt-CBC weaker encryption with some ciphers" }, { "cve": "CVE-2006-1329", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429254" } ], "notes": [ { "category": "description", "text": "The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".", "title": "Vulnerability description" }, { "category": "summary", "text": "jabberd SASL DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-1329" }, { "category": "external", "summary": "RHBZ#429254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429254" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1329", "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329" } ], "release_date": "2006-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jabberd SASL DoS" }, { "cve": "CVE-2006-3835", "discovery_date": "2006-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237084" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory listing issue", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3835" }, { "category": "external", "summary": "RHBZ#237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835" } ], "release_date": "2006-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat directory listing issue" }, { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2006-7195", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237081" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in example webapps", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7195" }, { "category": "external", "summary": "RHBZ#237081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237081" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7195", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7195" } ], "release_date": "2007-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat XSS in example webapps" }, { "cve": "CVE-2006-7196", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "238131" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in example webapps", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7196" }, { "category": "external", "summary": "RHBZ#238131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=238131" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7196", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7196" } ], "release_date": "2007-04-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat XSS in example webapps" }, { "cve": "CVE-2006-7197", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430642" } ], "notes": [ { "category": "description", "text": "The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_jk chunk too long", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-7197" }, { "category": "external", "summary": "RHBZ#430642", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430642" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-7197", "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-7197" } ], "release_date": "2006-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_jk chunk too long" }, { "cve": "CVE-2007-0243", "discovery_date": "2007-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "325941" } ], "notes": [ { "category": "description", "text": "Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-jre: GIF buffer overflow", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0243" }, { "category": "external", "summary": "RHBZ#325941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=325941" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0243", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0243" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0243" } ], "release_date": "2007-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-jre: GIF buffer overflow" }, { "cve": "CVE-2007-0450", "discovery_date": "2007-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237080" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory traversal", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0450" }, { "category": "external", "summary": "RHBZ#237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450" } ], "release_date": "2007-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat directory traversal" }, { "cve": "CVE-2007-1349", "discovery_date": "2007-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "240423" } ], "notes": [ { "category": "description", "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_perl PerlRun denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1349" }, { "category": "external", "summary": "RHBZ#240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349" } ], "release_date": "2007-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_perl PerlRun denial of service" }, { "cve": "CVE-2007-1355", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "253166" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat XSS in samples", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1355" }, { "category": "external", "summary": "RHBZ#253166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=253166" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1355", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1355" } ], "release_date": "2007-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat XSS in samples" }, { "cve": "CVE-2007-1358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244803" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat accept-language xss flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1358" }, { "category": "external", "summary": "RHBZ#244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" } ], "release_date": "2007-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat accept-language xss flaw" }, { "cve": "CVE-2007-1860", "discovery_date": "2007-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237656" } ], "notes": [ { "category": "description", "text": "mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_jk sends decoded URL to tomcat", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1860" }, { "category": "external", "summary": "RHBZ#237656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1860", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1860" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_jk sends decoded URL to tomcat" }, { "cve": "CVE-2007-2435", "discovery_date": "2007-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "239660" } ], "notes": [ { "category": "description", "text": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "javaws vulnerabilities", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2435" }, { "category": "external", "summary": "RHBZ#239660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=239660" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2435", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2435" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2435" } ], "release_date": "2007-04-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "javaws vulnerabilities" }, { "cve": "CVE-2007-2449", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244804" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the \u0027;\u0027 character, as demonstrated by a URI containing a \"snp/snoop.jsp;\" sequence.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat examples jsp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2449" }, { "category": "external", "summary": "RHBZ#244804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2449", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2449" } ], "release_date": "2007-06-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat examples jsp XSS" }, { "cve": "CVE-2007-2450", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-05-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244808" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat host manager XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2450" }, { "category": "external", "summary": "RHBZ#244808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244808" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2450" } ], "release_date": "2007-06-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat host manager XSS" }, { "cve": "CVE-2007-2788", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2007-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250725" } ], "notes": [ { "category": "description", "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2788" }, { "category": "external", "summary": "RHBZ#250725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2788", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2788" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit" }, { "cve": "CVE-2007-2789", "discovery_date": "2007-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250729" } ], "notes": [ { "category": "description", "text": "The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.", "title": "Vulnerability description" }, { "category": "summary", "text": "BMP image parser vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-2789" }, { "category": "external", "summary": "RHBZ#250729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-2789", "url": "https://www.cve.org/CVERecord?id=CVE-2007-2789" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2789" } ], "release_date": "2007-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "BMP image parser vulnerability" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" }, { "cve": "CVE-2007-3382", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247972" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookies", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3382" }, { "category": "external", "summary": "RHBZ#247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookies" }, { "cve": "CVE-2007-3385", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247976" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookie values", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3385" }, { "category": "external", "summary": "RHBZ#247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookie values" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-5461", "discovery_date": "2007-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "333791" } ], "notes": [ { "category": "description", "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "Absolute path traversal Apache Tomcat WEBDAV", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5461" }, { "category": "external", "summary": "RHBZ#333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" } ], "release_date": "2007-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Absolute path traversal Apache Tomcat WEBDAV" }, { "cve": "CVE-2007-5961", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "396641" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "RHN XSS flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5961" }, { "category": "external", "summary": "RHBZ#396641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5961", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5961" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5961", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5961" } ], "release_date": "2008-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "RHN XSS flaw" }, { "cve": "CVE-2007-6306", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "421081" } ], "notes": [ { "category": "description", "text": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.", "title": "Vulnerability description" }, { "category": "summary", "text": "JFreeChart: XSS vulnerabilities in the image map feature", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6306" }, { "category": "external", "summary": "RHBZ#421081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6306", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6306" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6306" } ], "release_date": "2007-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JFreeChart: XSS vulnerabilities in the image map feature" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0128", "discovery_date": "2008-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429821" } ], "notes": [ { "category": "description", "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat5 SSO cookie login information disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0128" }, { "category": "external", "summary": "RHBZ#429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128" } ], "release_date": "2006-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-05-20T14:12:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNSAT5:java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4.i386", "4AS-RHNSAT5:jfreechart-0:0.9.20-3.rhn.noarch", "4AS-RHNSAT5:openmotif21-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:openmotif21-debuginfo-0:2.1.30-11.RHEL4.6.i386", "4AS-RHNSAT5:perl-Crypt-CBC-0:2.24-1.el4.noarch", "4AS-RHNSAT5:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modjk-ap13-0:1.2.23-2rhn.rhel4.i386", "4AS-RHNSAT5:rhn-modperl-0:1.29-16.rhel4.i386", "4AS-RHNSAT5:rhn-modssl-0:2.8.12-8.rhn.10.rhel4.i386", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_10rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0261" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat5 SSO cookie login information disclosure" } ] }
rhsa-2008_0005
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site scripting\nattack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\nfrom the configuration, a cross-site scripting attack was possible against\nWeb browsers which did not correctly derive the response character set\nfollowing the rules in RFC 2616. (CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse proxy is\nconfigured, a remote attacker could send a carefully crafted request that\nwould cause the Apache child process handling that request to crash. On\nsites where a forward proxy is configured, an attacker could cause a\nsimilar crash if a user could be persuaded to visit a malicious site using\nthe proxy. This could lead to a denial of service if using a threaded\nMulti-Processing Module. (CVE-2007-3847) \n\nA flaw was found in the mod_status module. On sites where mod_status was\nenabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\nwas enabled and a forward proxy was configured, a cross-site scripting\nattack was possible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should restart\nhttpd after installing this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0005", "url": "https://access.redhat.com/errata/RHSA-2008:0005" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0005.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T16:51:03+00:00", "generator": { "date": "2024-11-05T16:51:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0005", "initial_release_date": "2008-01-15T09:17:00+00:00", "revision_history": [ { "date": "2008-01-15T09:17:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-01-15T04:17:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:51:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 3", "product": { "name": "Red Hat Enterprise Linux AS version 3", "product_id": "3AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::as" } } }, { "category": "product_name", "name": "Red Hat Desktop version 3", "product": { "name": "Red Hat Desktop version 3", "product_id": "3Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 3", "product": { "name": "Red Hat Enterprise Linux ES version 3", "product_id": "3ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 3", "product": { "name": "Red Hat Enterprise Linux WS version 3", "product_id": "3WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.ia64", "product": { "name": "httpd-0:2.0.46-70.ent.ia64", "product_id": "httpd-0:2.0.46-70.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=ia64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.46-70.ent.ia64", "product": { "name": "httpd-devel-0:2.0.46-70.ent.ia64", "product_id": "httpd-devel-0:2.0.46-70.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.46-70.ent?arch=ia64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.46-70.ent.ia64", "product": { "name": "mod_ssl-1:2.0.46-70.ent.ia64", "product_id": "mod_ssl-1:2.0.46-70.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.46-70.ent?arch=ia64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "product": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "product_id": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-70.ent?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.src", "product": { "name": "httpd-0:2.0.46-70.ent.src", "product_id": "httpd-0:2.0.46-70.ent.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.x86_64", "product": { "name": "httpd-0:2.0.46-70.ent.x86_64", "product_id": "httpd-0:2.0.46-70.ent.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.46-70.ent.x86_64", "product": { "name": "httpd-devel-0:2.0.46-70.ent.x86_64", "product_id": "httpd-devel-0:2.0.46-70.ent.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.46-70.ent?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.46-70.ent.x86_64", "product": { "name": "mod_ssl-1:2.0.46-70.ent.x86_64", "product_id": "mod_ssl-1:2.0.46-70.ent.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.46-70.ent?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "product": { "name": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "product_id": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-70.ent?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.i386", "product": { "name": "httpd-0:2.0.46-70.ent.i386", "product_id": "httpd-0:2.0.46-70.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.46-70.ent.i386", "product": { "name": "httpd-devel-0:2.0.46-70.ent.i386", "product_id": "httpd-devel-0:2.0.46-70.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.46-70.ent?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.46-70.ent.i386", "product": { "name": "mod_ssl-1:2.0.46-70.ent.i386", "product_id": "mod_ssl-1:2.0.46-70.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.46-70.ent?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.46-70.ent.i386", "product": { "name": "httpd-debuginfo-0:2.0.46-70.ent.i386", "product_id": "httpd-debuginfo-0:2.0.46-70.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-70.ent?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.ppc", "product": { "name": "httpd-0:2.0.46-70.ent.ppc", "product_id": "httpd-0:2.0.46-70.ent.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.46-70.ent.ppc", "product": { "name": "httpd-devel-0:2.0.46-70.ent.ppc", "product_id": "httpd-devel-0:2.0.46-70.ent.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.46-70.ent?arch=ppc" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.46-70.ent.ppc", "product": { "name": "mod_ssl-1:2.0.46-70.ent.ppc", "product_id": "mod_ssl-1:2.0.46-70.ent.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.46-70.ent?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "product": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "product_id": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-70.ent?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.s390x", "product": { "name": "httpd-0:2.0.46-70.ent.s390x", "product_id": "httpd-0:2.0.46-70.ent.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.46-70.ent.s390x", "product": { "name": "httpd-devel-0:2.0.46-70.ent.s390x", "product_id": "httpd-devel-0:2.0.46-70.ent.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.46-70.ent?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.46-70.ent.s390x", "product": { "name": "mod_ssl-1:2.0.46-70.ent.s390x", "product_id": "mod_ssl-1:2.0.46-70.ent.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.46-70.ent?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "product": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "product_id": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-70.ent?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.46-70.ent.s390", "product": { "name": "httpd-0:2.0.46-70.ent.s390", "product_id": "httpd-0:2.0.46-70.ent.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.46-70.ent?arch=s390" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.46-70.ent.s390", "product": { "name": "httpd-devel-0:2.0.46-70.ent.s390", "product_id": "httpd-devel-0:2.0.46-70.ent.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.46-70.ent?arch=s390" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.46-70.ent.s390", "product": { "name": "mod_ssl-1:2.0.46-70.ent.s390", "product_id": "mod_ssl-1:2.0.46-70.ent.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.46-70.ent?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.46-70.ent.s390", "product": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390", "product_id": "httpd-debuginfo-0:2.0.46-70.ent.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.46-70.ent?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.src as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.src" }, "product_reference": "httpd-0:2.0.46-70.ent.src", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-devel-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-devel-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-devel-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-devel-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-devel-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:httpd-devel-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:mod_ssl-1:2.0.46-70.ent.i386" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:mod_ssl-1:2.0.46-70.ent.ia64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:mod_ssl-1:2.0.46-70.ent.ppc" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:mod_ssl-1:2.0.46-70.ent.s390" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:mod_ssl-1:2.0.46-70.ent.s390x" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:mod_ssl-1:2.0.46-70.ent.x86_64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.src as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.src" }, "product_reference": "httpd-0:2.0.46-70.ent.src", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-devel-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-devel-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:mod_ssl-1:2.0.46-70.ent.i386" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:mod_ssl-1:2.0.46-70.ent.s390" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.src as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.src" }, "product_reference": "httpd-0:2.0.46-70.ent.src", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-devel-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-devel-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-devel-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-devel-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-devel-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:httpd-devel-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:mod_ssl-1:2.0.46-70.ent.i386" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:mod_ssl-1:2.0.46-70.ent.ia64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:mod_ssl-1:2.0.46-70.ent.ppc" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:mod_ssl-1:2.0.46-70.ent.s390" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:mod_ssl-1:2.0.46-70.ent.s390x" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:mod_ssl-1:2.0.46-70.ent.x86_64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.src as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.src" }, "product_reference": "httpd-0:2.0.46-70.ent.src", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-devel-0:2.0.46-70.ent.i386" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-devel-0:2.0.46-70.ent.ia64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-devel-0:2.0.46-70.ent.ppc" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-devel-0:2.0.46-70.ent.s390" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-devel-0:2.0.46-70.ent.s390x" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:httpd-devel-0:2.0.46-70.ent.x86_64" }, "product_reference": "httpd-devel-0:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:mod_ssl-1:2.0.46-70.ent.i386" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:mod_ssl-1:2.0.46-70.ent.ia64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:mod_ssl-1:2.0.46-70.ent.ppc" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:mod_ssl-1:2.0.46-70.ent.s390" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:mod_ssl-1:2.0.46-70.ent.s390x" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.46-70.ent.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" }, "product_reference": "mod_ssl-1:2.0.46-70.ent.x86_64", "relates_to_product_reference": "3WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-3847", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2007-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250731" } ], "notes": [ { "category": "description", "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: out of bounds read", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3847" }, { "category": "external", "summary": "RHBZ#250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847" } ], "release_date": "2007-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:17:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0005" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: out of bounds read" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:17:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0005" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:17:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0005" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:17:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0005" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0005", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427739" } ], "notes": [ { "category": "description", "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy_ftp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0005" }, { "category": "external", "summary": "RHBZ#427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:17:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS:httpd-0:2.0.46-70.ent.i386", "3AS:httpd-0:2.0.46-70.ent.ia64", "3AS:httpd-0:2.0.46-70.ent.ppc", "3AS:httpd-0:2.0.46-70.ent.s390", "3AS:httpd-0:2.0.46-70.ent.s390x", "3AS:httpd-0:2.0.46-70.ent.src", "3AS:httpd-0:2.0.46-70.ent.x86_64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3AS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3AS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3AS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3AS:httpd-devel-0:2.0.46-70.ent.i386", "3AS:httpd-devel-0:2.0.46-70.ent.ia64", "3AS:httpd-devel-0:2.0.46-70.ent.ppc", "3AS:httpd-devel-0:2.0.46-70.ent.s390", "3AS:httpd-devel-0:2.0.46-70.ent.s390x", "3AS:httpd-devel-0:2.0.46-70.ent.x86_64", "3AS:mod_ssl-1:2.0.46-70.ent.i386", "3AS:mod_ssl-1:2.0.46-70.ent.ia64", "3AS:mod_ssl-1:2.0.46-70.ent.ppc", "3AS:mod_ssl-1:2.0.46-70.ent.s390", "3AS:mod_ssl-1:2.0.46-70.ent.s390x", "3AS:mod_ssl-1:2.0.46-70.ent.x86_64", "3Desktop:httpd-0:2.0.46-70.ent.i386", "3Desktop:httpd-0:2.0.46-70.ent.ia64", "3Desktop:httpd-0:2.0.46-70.ent.ppc", "3Desktop:httpd-0:2.0.46-70.ent.s390", "3Desktop:httpd-0:2.0.46-70.ent.s390x", "3Desktop:httpd-0:2.0.46-70.ent.src", "3Desktop:httpd-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.i386", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3Desktop:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3Desktop:httpd-devel-0:2.0.46-70.ent.i386", "3Desktop:httpd-devel-0:2.0.46-70.ent.ia64", "3Desktop:httpd-devel-0:2.0.46-70.ent.ppc", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390", "3Desktop:httpd-devel-0:2.0.46-70.ent.s390x", "3Desktop:httpd-devel-0:2.0.46-70.ent.x86_64", "3Desktop:mod_ssl-1:2.0.46-70.ent.i386", "3Desktop:mod_ssl-1:2.0.46-70.ent.ia64", "3Desktop:mod_ssl-1:2.0.46-70.ent.ppc", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390", "3Desktop:mod_ssl-1:2.0.46-70.ent.s390x", "3Desktop:mod_ssl-1:2.0.46-70.ent.x86_64", "3ES:httpd-0:2.0.46-70.ent.i386", "3ES:httpd-0:2.0.46-70.ent.ia64", "3ES:httpd-0:2.0.46-70.ent.ppc", "3ES:httpd-0:2.0.46-70.ent.s390", "3ES:httpd-0:2.0.46-70.ent.s390x", "3ES:httpd-0:2.0.46-70.ent.src", "3ES:httpd-0:2.0.46-70.ent.x86_64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.i386", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3ES:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390", "3ES:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3ES:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3ES:httpd-devel-0:2.0.46-70.ent.i386", "3ES:httpd-devel-0:2.0.46-70.ent.ia64", "3ES:httpd-devel-0:2.0.46-70.ent.ppc", "3ES:httpd-devel-0:2.0.46-70.ent.s390", "3ES:httpd-devel-0:2.0.46-70.ent.s390x", "3ES:httpd-devel-0:2.0.46-70.ent.x86_64", "3ES:mod_ssl-1:2.0.46-70.ent.i386", "3ES:mod_ssl-1:2.0.46-70.ent.ia64", "3ES:mod_ssl-1:2.0.46-70.ent.ppc", "3ES:mod_ssl-1:2.0.46-70.ent.s390", "3ES:mod_ssl-1:2.0.46-70.ent.s390x", "3ES:mod_ssl-1:2.0.46-70.ent.x86_64", "3WS:httpd-0:2.0.46-70.ent.i386", "3WS:httpd-0:2.0.46-70.ent.ia64", "3WS:httpd-0:2.0.46-70.ent.ppc", "3WS:httpd-0:2.0.46-70.ent.s390", "3WS:httpd-0:2.0.46-70.ent.s390x", "3WS:httpd-0:2.0.46-70.ent.src", "3WS:httpd-0:2.0.46-70.ent.x86_64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.i386", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ia64", "3WS:httpd-debuginfo-0:2.0.46-70.ent.ppc", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390", "3WS:httpd-debuginfo-0:2.0.46-70.ent.s390x", "3WS:httpd-debuginfo-0:2.0.46-70.ent.x86_64", "3WS:httpd-devel-0:2.0.46-70.ent.i386", "3WS:httpd-devel-0:2.0.46-70.ent.ia64", "3WS:httpd-devel-0:2.0.46-70.ent.ppc", "3WS:httpd-devel-0:2.0.46-70.ent.s390", "3WS:httpd-devel-0:2.0.46-70.ent.s390x", "3WS:httpd-devel-0:2.0.46-70.ent.x86_64", "3WS:mod_ssl-1:2.0.46-70.ent.i386", "3WS:mod_ssl-1:2.0.46-70.ent.ia64", "3WS:mod_ssl-1:2.0.46-70.ent.ppc", "3WS:mod_ssl-1:2.0.46-70.ent.s390", "3WS:mod_ssl-1:2.0.46-70.ent.s390x", "3WS:mod_ssl-1:2.0.46-70.ent.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0005" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_proxy_ftp XSS" } ] }
rhsa-2010_0602
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0602", "url": "https://access.redhat.com/errata/RHSA-2010:0602" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", "url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html" }, { "category": "external", "summary": "200732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732" }, { "category": "external", "summary": "237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "244658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658" }, { "category": "external", "summary": "244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "323571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571" }, { "category": "external", "summary": "333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "443928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928" }, { "category": "external", "summary": "451615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615" }, { "category": "external", "summary": "457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "458250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250" }, { "category": "external", "summary": "493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "503928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928" }, { "category": "external", "summary": "503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "504390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390" }, { "category": "external", "summary": "504555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555" }, { "category": "external", "summary": "504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "509125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125" }, { "category": "external", "summary": "515698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698" }, { "category": "external", "summary": "521619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619" }, { "category": "external", "summary": "522209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209" }, { "category": "external", "summary": "570171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171" }, { "category": "external", "summary": "596426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json" } ], "title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", "tracking": { "current_release_date": "2024-11-05T17:18:24+00:00", "generator": { "date": "2024-11-05T17:18:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2010:0602", "initial_release_date": "2010-08-04T21:30:00+00:00", "revision_history": [ { "date": "2010-08-04T21:30:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-08-05T10:04:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:18:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4AS", "product": { "name": "Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4ES", "product": { "name": "Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "product": { "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "product": { "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "product": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "ant-0:1.6.5-1jpp_1rh.noarch", "product": { "name": "ant-0:1.6.5-1jpp_1rh.noarch", "product_id": "ant-0:1.6.5-1jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "product": { "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch" } } }, { "category": "product_version", "name": "axis-0:1.2.1-1jpp_3rh.noarch", "product": { "name": "axis-0:1.2.1-1jpp_3rh.noarch", "product_id": "axis-0:1.2.1-1jpp_3rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch" } } }, { "category": "product_version", "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "product": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch" } } }, { "category": "product_version", "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "product": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch" } } }, { "category": "product_version", "name": "log4j-0:1.2.12-1jpp_1rh.noarch", "product": { "name": "log4j-0:1.2.12-1jpp_1rh.noarch", "product_id": "log4j-0:1.2.12-1jpp_1rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch" } } }, { "category": "product_version", "name": "mx4j-1:3.0.1-1jpp_4rh.noarch", "product": { "name": "mx4j-1:3.0.1-1jpp_4rh.noarch", "product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "product": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-manage-0:7.3.0-19.el4.noarch", "product": { "name": "rhpki-manage-0:7.3.0-19.el4.noarch", "product_id": "rhpki-manage-0:7.3.0-19.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ca-0:7.3.0-20.el4.noarch", "product": { "name": "rhpki-ca-0:7.3.0-20.el4.noarch", "product_id": "rhpki-ca-0:7.3.0-20.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-kra-0:7.3.0-14.el4.noarch", "product": { "name": "rhpki-kra-0:7.3.0-14.el4.noarch", "product_id": "rhpki-kra-0:7.3.0-14.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-tks-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-tks-0:7.3.0-13.el4.noarch", "product_id": "rhpki-tks-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "product": { "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch" } } }, { "category": "product_version", "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "product": { "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product": { "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "xml-commons-0:1.3.02-2jpp_1rh.src", "product": { "name": "xml-commons-0:1.3.02-2jpp_1rh.src", "product_id": "xml-commons-0:1.3.02-2jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "xerces-j2-0:2.7.1-1jpp_1rh.src", "product": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.src", "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "ant-0:1.6.5-1jpp_1rh.src", "product": { "name": "ant-0:1.6.5-1jpp_1rh.src", "product_id": "ant-0:1.6.5-1jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "avalon-logkit-0:1.2-2jpp_4rh.src", "product": { "name": "avalon-logkit-0:1.2-2jpp_4rh.src", "product_id": "avalon-logkit-0:1.2-2jpp_4rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src" } } }, { "category": "product_version", "name": "axis-0:1.2.1-1jpp_3rh.src", "product": { "name": "axis-0:1.2.1-1jpp_3rh.src", "product_id": "axis-0:1.2.1-1jpp_3rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src" } } }, { "category": "product_version", "name": "classpathx-jaf-0:1.0-2jpp_6rh.src", "product": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.src", "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src" } } }, { "category": "product_version", "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "product": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src" } } }, { "category": "product_version", "name": "log4j-0:1.2.12-1jpp_1rh.src", "product": { "name": "log4j-0:1.2.12-1jpp_1rh.src", "product_id": "log4j-0:1.2.12-1jpp_1rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src" } } }, { "category": "product_version", "name": "mx4j-1:3.0.1-1jpp_4rh.src", "product": { "name": "mx4j-1:3.0.1-1jpp_4rh.src", "product_id": "mx4j-1:3.0.1-1jpp_4rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "product": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src" } } }, { "category": "product_version", "name": "pcsc-lite-0:1.3.3-3.el4.src", "product": { "name": "pcsc-lite-0:1.3.3-3.el4.src", "product_id": "pcsc-lite-0:1.3.3-3.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src" } } }, { "category": "product_version", "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "product": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "product": { "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64" } } }, { "category": "product_version", "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "product": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhpki-native-tools-0:7.3.0-6.el4.i386", "product": { "name": "rhpki-native-tools-0:7.3.0-6.el4.i386", "product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386" } } }, { "category": "product_version", "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "product": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch" }, "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch" }, "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src" }, "product_reference": "ant-0:1.6.5-1jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src" }, "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src" }, "product_reference": "axis-0:1.2.1-1jpp_3rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src" }, "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src" }, "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src" }, "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch" }, "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src" }, "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src" }, "product_reference": "log4j-0:1.2.12-1jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src" }, "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64" }, "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch" }, "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch" }, "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch" }, "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch" }, "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64" }, "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch" }, "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src" }, "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src" }, "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" }, "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "relates_to_product_reference": "4ES-CERT-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2005-2090", "discovery_date": "2005-06-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237079" } ], "notes": [ { "category": "description", "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat multiple content-length header poisioning", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-2090" }, { "category": "external", "summary": "RHBZ#237079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090", "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090" } ], "release_date": "2005-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat multiple content-length header poisioning" }, { "cve": "CVE-2005-3510", "discovery_date": "2005-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237085" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3510" }, { "category": "external", "summary": "RHBZ#237085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510" } ], "release_date": "2005-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat DoS" }, { "cve": "CVE-2006-3835", "discovery_date": "2006-07-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237084" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory listing issue", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3835" }, { "category": "external", "summary": "RHBZ#237084", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835" } ], "release_date": "2006-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat directory listing issue" }, { "cve": "CVE-2006-3918", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2006-07-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "200732" } ], "notes": [ { "category": "description", "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Expect header XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3918" }, { "category": "external", "summary": "RHBZ#200732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918" } ], "release_date": "2006-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Expect header XSS" }, { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2007-0450", "discovery_date": "2007-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "237080" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat directory traversal", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-0450" }, { "category": "external", "summary": "RHBZ#237080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450", "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450" } ], "release_date": "2007-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat directory traversal" }, { "cve": "CVE-2007-1349", "discovery_date": "2007-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "240423" } ], "notes": [ { "category": "description", "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_perl PerlRun denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1349" }, { "category": "external", "summary": "RHBZ#240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349" } ], "release_date": "2007-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_perl PerlRun denial of service" }, { "cve": "CVE-2007-1358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244803" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat accept-language xss flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1358" }, { "category": "external", "summary": "RHBZ#244803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358" } ], "release_date": "2007-06-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat accept-language xss flaw" }, { "cve": "CVE-2007-1863", "discovery_date": "2007-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244658" } ], "notes": [ { "category": "description", "text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_cache segfault", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1863" }, { "category": "external", "summary": "RHBZ#244658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863" } ], "release_date": "2007-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_cache segfault" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" }, { "cve": "CVE-2007-3382", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247972" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookies", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3382" }, { "category": "external", "summary": "RHBZ#247972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookies" }, { "cve": "CVE-2007-3385", "discovery_date": "2007-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "247976" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat handling of cookie values", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3385" }, { "category": "external", "summary": "RHBZ#247976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385" } ], "release_date": "2007-08-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat handling of cookie values" }, { "cve": "CVE-2007-3847", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2007-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250731" } ], "notes": [ { "category": "description", "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: out of bounds read", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3847" }, { "category": "external", "summary": "RHBZ#250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847" } ], "release_date": "2007-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: out of bounds read" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "acknowledgments": [ { "names": [ "Tavis Ormandy", "Will Drewry" ] } ], "cve": "CVE-2007-5116", "discovery_date": "2007-09-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "323571" } ], "notes": [ { "category": "description", "text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl regular expression UTF parsing errors", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5116" }, { "category": "external", "summary": "RHBZ#323571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116" } ], "release_date": "2007-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "perl regular expression UTF parsing errors" }, { "cve": "CVE-2007-5333", "discovery_date": "2008-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427766" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", "title": "Vulnerability description" }, { "category": "summary", "text": "Improve cookie parsing for tomcat5", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5333" }, { "category": "external", "summary": "RHBZ#427766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333" } ], "release_date": "2008-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Improve cookie parsing for tomcat5" }, { "cve": "CVE-2007-5461", "discovery_date": "2007-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "333791" } ], "notes": [ { "category": "description", "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "Absolute path traversal Apache Tomcat WEBDAV", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5461" }, { "category": "external", "summary": "RHBZ#333791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461" } ], "release_date": "2007-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Absolute path traversal Apache Tomcat WEBDAV" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0005", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427739" } ], "notes": [ { "category": "description", "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy_ftp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0005" }, { "category": "external", "summary": "RHBZ#427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_proxy_ftp XSS" }, { "cve": "CVE-2008-0128", "discovery_date": "2008-01-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429821" } ], "notes": [ { "category": "description", "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat5 SSO cookie login information disclosure", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0128" }, { "category": "external", "summary": "RHBZ#429821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128" } ], "release_date": "2006-12-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat5 SSO cookie login information disclosure" }, { "cve": "CVE-2008-1232", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457597" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Cross-Site-Scripting enabled by sendError call", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1232" }, { "category": "external", "summary": "RHBZ#457597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: Cross-Site-Scripting enabled by sendError call" }, { "cve": "CVE-2008-1927", "discovery_date": "2008-04-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "443928" } ], "notes": [ { "category": "description", "text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", "title": "Vulnerability description" }, { "category": "summary", "text": "perl: heap corruption by regular expressions with utf8 characters", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1927" }, { "category": "external", "summary": "RHBZ#443928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927" } ], "release_date": "2007-12-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "perl: heap corruption by regular expressions with utf8 characters" }, { "cve": "CVE-2008-2364", "discovery_date": "2008-05-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "451615" } ], "notes": [ { "category": "description", "text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2364" }, { "category": "external", "summary": "RHBZ#451615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364" } ], "release_date": "2008-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server" }, { "cve": "CVE-2008-2370", "discovery_date": "2008-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "457934" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat RequestDispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2370" }, { "category": "external", "summary": "RHBZ#457934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370" } ], "release_date": "2008-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat RequestDispatcher information disclosure vulnerability" }, { "cve": "CVE-2008-2939", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-08-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "458250" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ftp globbing XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-2939" }, { "category": "external", "summary": "RHBZ#458250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939" } ], "release_date": "2008-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy_ftp globbing XSS" }, { "cve": "CVE-2008-5515", "discovery_date": "2009-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504753" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat request dispatcher information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5515" }, { "category": "external", "summary": "RHBZ#504753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515" } ], "release_date": "2009-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat request dispatcher information disclosure vulnerability" }, { "cve": "CVE-2009-0023", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503928" } ], "notes": [ { "category": "description", "text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util heap buffer underwrite", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0023" }, { "category": "external", "summary": "RHBZ#503928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util heap buffer underwrite" }, { "cve": "CVE-2009-0033", "discovery_date": "2009-01-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "493381" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Denial-Of-Service with AJP connection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0033" }, { "category": "external", "summary": "RHBZ#493381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat6 Denial-Of-Service with AJP connection" }, { "cve": "CVE-2009-0580", "discovery_date": "2009-06-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "503978" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat6 Information disclosure in authentication classes", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0580" }, { "category": "external", "summary": "RHBZ#503978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580" } ], "release_date": "2009-06-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat6 Information disclosure in authentication classes" }, { "cve": "CVE-2009-1891", "discovery_date": "2009-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "509125" } ], "notes": [ { "category": "description", "text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1891" }, { "category": "external", "summary": "RHBZ#509125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891" } ], "release_date": "2009-06-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate" }, { "cve": "CVE-2009-1955", "discovery_date": "2009-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504555" } ], "notes": [ { "category": "description", "text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util billion laughs attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1955" }, { "category": "external", "summary": "RHBZ#504555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955" } ], "release_date": "2009-06-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util billion laughs attack" }, { "cve": "CVE-2009-1956", "discovery_date": "2009-06-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "504390" } ], "notes": [ { "category": "description", "text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util single NULL byte buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1956" }, { "category": "external", "summary": "RHBZ#504390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956" } ], "release_date": "2009-04-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util single NULL byte buffer overflow" }, { "cve": "CVE-2009-2412", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2009-07-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "515698" } ], "notes": [ { "category": "description", "text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2412" }, { "category": "external", "summary": "RHBZ#515698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412" } ], "release_date": "2009-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management" }, { "cve": "CVE-2009-3094", "discovery_date": "2009-09-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "521619" } ], "notes": [ { "category": "description", "text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3094" }, { "category": "external", "summary": "RHBZ#521619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094" } ], "release_date": "2009-09-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply" }, { "cve": "CVE-2009-3095", "discovery_date": "2009-09-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "522209" } ], "notes": [ { "category": "description", "text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3095" }, { "category": "external", "summary": "RHBZ#522209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095" } ], "release_date": "2009-09-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header" }, { "cve": "CVE-2009-4901", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2010-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "596426" } ], "notes": [ { "category": "description", "text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4901" }, { "category": "external", "summary": "RHBZ#596426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901" } ], "release_date": "2010-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages" }, { "cve": "CVE-2010-0407", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2010-05-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "596426" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", "title": "Vulnerability description" }, { "category": "summary", "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0407" }, { "category": "external", "summary": "RHBZ#596426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407" } ], "release_date": "2010-06-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages" }, { "cve": "CVE-2010-0434", "discovery_date": "2010-03-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "570171" } ], "notes": [ { "category": "description", "text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: request header information leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-0434" }, { "category": "external", "summary": "RHBZ#570171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434" } ], "release_date": "2009-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-04T21:30:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0602" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: request header information leak" } ] }
rhsa-2008_0004
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated apache packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site scripting\nattack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\nfrom the configuration, a cross-site scripting attack was possible against\nWeb browsers which did not correctly derive the response character set\nfollowing the rules in RFC 2616. (CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status was\nenabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\nwas enabled and a forward proxy was configured, a cross-site scripting\nattack was possible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Users should restart Apache\nafter installing this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0004", "url": "https://access.redhat.com/errata/RHSA-2008:0004" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0004.json" } ], "title": "Red Hat Security Advisory: apache security update", "tracking": { "current_release_date": "2024-11-05T16:50:58+00:00", "generator": { "date": "2024-11-05T16:50:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0004", "initial_release_date": "2008-01-15T09:09:00+00:00", "revision_history": [ { "date": "2008-01-15T09:09:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-01-15T04:09:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:50:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product": { "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as" } } }, { "category": "product_name", "name": "Red Hat Linux Advanced Workstation 2.1", "product": { "name": "Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 2.1", "product": { "name": "Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 2.1", "product": { "name": "Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "apache-manual-0:1.3.27-14.ent.ia64", "product": { "name": "apache-manual-0:1.3.27-14.ent.ia64", "product_id": "apache-manual-0:1.3.27-14.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-manual@1.3.27-14.ent?arch=ia64" } } }, { "category": "product_version", "name": "apache-devel-0:1.3.27-14.ent.ia64", "product": { "name": "apache-devel-0:1.3.27-14.ent.ia64", "product_id": "apache-devel-0:1.3.27-14.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-devel@1.3.27-14.ent?arch=ia64" } } }, { "category": "product_version", "name": "apache-0:1.3.27-14.ent.ia64", "product": { "name": "apache-0:1.3.27-14.ent.ia64", "product_id": "apache-0:1.3.27-14.ent.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache@1.3.27-14.ent?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "apache-0:1.3.27-14.ent.src", "product": { "name": "apache-0:1.3.27-14.ent.src", "product_id": "apache-0:1.3.27-14.ent.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache@1.3.27-14.ent?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "apache-manual-0:1.3.27-14.ent.i386", "product": { "name": "apache-manual-0:1.3.27-14.ent.i386", "product_id": "apache-manual-0:1.3.27-14.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-manual@1.3.27-14.ent?arch=i386" } } }, { "category": "product_version", "name": "apache-devel-0:1.3.27-14.ent.i386", "product": { "name": "apache-devel-0:1.3.27-14.ent.i386", "product_id": "apache-devel-0:1.3.27-14.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-devel@1.3.27-14.ent?arch=i386" } } }, { "category": "product_version", "name": "apache-0:1.3.27-14.ent.i386", "product": { "name": "apache-0:1.3.27-14.ent.i386", "product_id": "apache-0:1.3.27-14.ent.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache@1.3.27-14.ent?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-0:1.3.27-14.ent.i386" }, "product_reference": "apache-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.src as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-0:1.3.27-14.ent.src" }, "product_reference": "apache-0:1.3.27-14.ent.src", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-devel-0:1.3.27-14.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-devel-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-manual-0:1.3.27-14.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ", "product_id": "2.1AS:apache-manual-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.i386 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-0:1.3.27-14.ent.i386" }, "product_reference": "apache-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.ia64 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.src as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-0:1.3.27-14.ent.src" }, "product_reference": "apache-0:1.3.27-14.ent.src", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.i386 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-devel-0:1.3.27-14.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.ia64 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-devel-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.i386 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-manual-0:1.3.27-14.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.ia64 as a component of Red Hat Linux Advanced Workstation 2.1", "product_id": "2.1AW:apache-manual-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1AW" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-0:1.3.27-14.ent.i386" }, "product_reference": "apache-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.src as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-0:1.3.27-14.ent.src" }, "product_reference": "apache-0:1.3.27-14.ent.src", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-devel-0:1.3.27-14.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-devel-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-manual-0:1.3.27-14.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux ES version 2.1", "product_id": "2.1ES:apache-manual-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1ES" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-0:1.3.27-14.ent.i386" }, "product_reference": "apache-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-0:1.3.27-14.ent.src as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-0:1.3.27-14.ent.src" }, "product_reference": "apache-0:1.3.27-14.ent.src", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-devel-0:1.3.27-14.ent.i386" }, "product_reference": "apache-devel-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-devel-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-devel-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-devel-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.i386 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-manual-0:1.3.27-14.ent.i386" }, "product_reference": "apache-manual-0:1.3.27-14.ent.i386", "relates_to_product_reference": "2.1WS" }, { "category": "default_component_of", "full_product_name": { "name": "apache-manual-0:1.3.27-14.ent.ia64 as a component of Red Hat Enterprise Linux WS version 2.1", "product_id": "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" }, "product_reference": "apache-manual-0:1.3.27-14.ent.ia64", "relates_to_product_reference": "2.1WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:09:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0004" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:09:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0004" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:09:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0004" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0005", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427739" } ], "notes": [ { "category": "description", "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy_ftp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0005" }, { "category": "external", "summary": "RHBZ#427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:09:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "2.1AS:apache-0:1.3.27-14.ent.i386", "2.1AS:apache-0:1.3.27-14.ent.ia64", "2.1AS:apache-0:1.3.27-14.ent.src", "2.1AS:apache-devel-0:1.3.27-14.ent.i386", "2.1AS:apache-devel-0:1.3.27-14.ent.ia64", "2.1AS:apache-manual-0:1.3.27-14.ent.i386", "2.1AS:apache-manual-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.i386", "2.1AW:apache-0:1.3.27-14.ent.ia64", "2.1AW:apache-0:1.3.27-14.ent.src", "2.1AW:apache-devel-0:1.3.27-14.ent.i386", "2.1AW:apache-devel-0:1.3.27-14.ent.ia64", "2.1AW:apache-manual-0:1.3.27-14.ent.i386", "2.1AW:apache-manual-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.i386", "2.1ES:apache-0:1.3.27-14.ent.ia64", "2.1ES:apache-0:1.3.27-14.ent.src", "2.1ES:apache-devel-0:1.3.27-14.ent.i386", "2.1ES:apache-devel-0:1.3.27-14.ent.ia64", "2.1ES:apache-manual-0:1.3.27-14.ent.i386", "2.1ES:apache-manual-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.i386", "2.1WS:apache-0:1.3.27-14.ent.ia64", "2.1WS:apache-0:1.3.27-14.ent.src", "2.1WS:apache-devel-0:1.3.27-14.ent.i386", "2.1WS:apache-devel-0:1.3.27-14.ent.ia64", "2.1WS:apache-manual-0:1.3.27-14.ent.i386", "2.1WS:apache-manual-0:1.3.27-14.ent.ia64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0004" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_proxy_ftp XSS" } ] }
rhsa-2008_0006
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site scripting\nattack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\nfrom the configuration, a cross-site scripting attack was possible against\nWeb browsers which do not correctly derive the response character set\nfollowing the rules in RFC 2616. (CVE-2007-4465)\n\nA flaw was found in the mod_status module. On sites where mod_status was\nenabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\nwas enabled and a forward proxy was configured, a cross-site scripting\nattack was possible against Web browsers which do not correctly derive the\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should restart\nhttpd after installing this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0006", "url": "https://access.redhat.com/errata/RHSA-2008:0006" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0006.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T16:51:07+00:00", "generator": { "date": "2024-11-05T16:51:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0006", "initial_release_date": "2008-01-15T09:25:00+00:00", "revision_history": [ { "date": "2008-01-15T09:25:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-01-15T04:25:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:51:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4", "product": { "name": "Red Hat Enterprise Linux AS version 4", "product_id": "4AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::as" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop version 4", "product": { "name": "Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4", "product": { "name": "Red Hat Enterprise Linux ES version 4", "product_id": "4ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4", "product": { "name": "Red Hat Enterprise Linux WS version 4", "product_id": "4WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "product": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "product_id": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.52-38.ent.2?arch=ia64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.52-38.ent.2.ia64", "product": { "name": "httpd-devel-0:2.0.52-38.ent.2.ia64", "product_id": "httpd-devel-0:2.0.52-38.ent.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.52-38.ent.2?arch=ia64" } } }, { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.ia64", "product": { "name": "httpd-0:2.0.52-38.ent.2.ia64", "product_id": "httpd-0:2.0.52-38.ent.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=ia64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.52-38.ent.2.ia64", "product": { "name": "httpd-manual-0:2.0.52-38.ent.2.ia64", "product_id": "httpd-manual-0:2.0.52-38.ent.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.52-38.ent.2?arch=ia64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.52-38.ent.2.ia64", "product": { "name": "mod_ssl-1:2.0.52-38.ent.2.ia64", "product_id": "mod_ssl-1:2.0.52-38.ent.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.52-38.ent.2?arch=ia64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "product": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "product_id": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-suexec@2.0.52-38.ent.2?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "product": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "product_id": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.52-38.ent.2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "product": { "name": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "product_id": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.52-38.ent.2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.x86_64", "product": { "name": "httpd-0:2.0.52-38.ent.2.x86_64", "product_id": "httpd-0:2.0.52-38.ent.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "product": { "name": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "product_id": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.52-38.ent.2?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "product": { "name": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "product_id": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.52-38.ent.2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "product": { "name": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "product_id": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-suexec@2.0.52-38.ent.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "product": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "product_id": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.52-38.ent.2?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.52-38.ent.2.i386", "product": { "name": "httpd-devel-0:2.0.52-38.ent.2.i386", "product_id": "httpd-devel-0:2.0.52-38.ent.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.52-38.ent.2?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.i386", "product": { "name": "httpd-0:2.0.52-38.ent.2.i386", "product_id": "httpd-0:2.0.52-38.ent.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.52-38.ent.2.i386", "product": { "name": "httpd-manual-0:2.0.52-38.ent.2.i386", "product_id": "httpd-manual-0:2.0.52-38.ent.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.52-38.ent.2?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.52-38.ent.2.i386", "product": { "name": "mod_ssl-1:2.0.52-38.ent.2.i386", "product_id": "mod_ssl-1:2.0.52-38.ent.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.52-38.ent.2?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-suexec-0:2.0.52-38.ent.2.i386", "product": { "name": "httpd-suexec-0:2.0.52-38.ent.2.i386", "product_id": "httpd-suexec-0:2.0.52-38.ent.2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-suexec@2.0.52-38.ent.2?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.src", "product": { "name": "httpd-0:2.0.52-38.ent.2.src", "product_id": "httpd-0:2.0.52-38.ent.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "product": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "product_id": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.52-38.ent.2?arch=ppc" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.52-38.ent.2.ppc", "product": { "name": "httpd-devel-0:2.0.52-38.ent.2.ppc", "product_id": "httpd-devel-0:2.0.52-38.ent.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.52-38.ent.2?arch=ppc" } } }, { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.ppc", "product": { "name": "httpd-0:2.0.52-38.ent.2.ppc", "product_id": "httpd-0:2.0.52-38.ent.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=ppc" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.52-38.ent.2.ppc", "product": { "name": "httpd-manual-0:2.0.52-38.ent.2.ppc", "product_id": "httpd-manual-0:2.0.52-38.ent.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.52-38.ent.2?arch=ppc" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.52-38.ent.2.ppc", "product": { "name": "mod_ssl-1:2.0.52-38.ent.2.ppc", "product_id": "mod_ssl-1:2.0.52-38.ent.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.52-38.ent.2?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "product": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "product_id": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-suexec@2.0.52-38.ent.2?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "product": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "product_id": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.52-38.ent.2?arch=s390x" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.52-38.ent.2.s390x", "product": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390x", "product_id": "httpd-devel-0:2.0.52-38.ent.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.52-38.ent.2?arch=s390x" } } }, { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.s390x", "product": { "name": "httpd-0:2.0.52-38.ent.2.s390x", "product_id": "httpd-0:2.0.52-38.ent.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=s390x" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.52-38.ent.2.s390x", "product": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390x", "product_id": "httpd-manual-0:2.0.52-38.ent.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.52-38.ent.2?arch=s390x" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.52-38.ent.2.s390x", "product": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390x", "product_id": "mod_ssl-1:2.0.52-38.ent.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.52-38.ent.2?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "product": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "product_id": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-suexec@2.0.52-38.ent.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "product": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "product_id": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.52-38.ent.2?arch=s390" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.52-38.ent.2.s390", "product": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390", "product_id": "httpd-devel-0:2.0.52-38.ent.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.52-38.ent.2?arch=s390" } } }, { "category": "product_version", "name": "httpd-0:2.0.52-38.ent.2.s390", "product": { "name": "httpd-0:2.0.52-38.ent.2.s390", "product_id": "httpd-0:2.0.52-38.ent.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.52-38.ent.2?arch=s390" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.52-38.ent.2.s390", "product": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390", "product_id": "httpd-manual-0:2.0.52-38.ent.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.52-38.ent.2?arch=s390" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.52-38.ent.2.s390", "product": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390", "product_id": "mod_ssl-1:2.0.52-38.ent.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.52-38.ent.2?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-suexec-0:2.0.52-38.ent.2.s390", "product": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390", "product_id": "httpd-suexec-0:2.0.52-38.ent.2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-suexec@2.0.52-38.ent.2?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.src as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.src" }, "product_reference": "httpd-0:2.0.52-38.ent.2.src", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-devel-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-devel-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-manual-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-manual-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:mod_ssl-1:2.0.52-38.ent.2.i386" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:mod_ssl-1:2.0.52-38.ent.2.s390" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.src as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.src" }, "product_reference": "httpd-0:2.0.52-38.ent.2.src", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.src as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.src" }, "product_reference": "httpd-0:2.0.52-38.ent.2.src", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-devel-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-devel-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-manual-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-manual-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:mod_ssl-1:2.0.52-38.ent.2.i386" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:mod_ssl-1:2.0.52-38.ent.2.s390" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.src as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.src" }, "product_reference": "httpd-0:2.0.52-38.ent.2.src", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-devel-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-devel-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-devel-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-manual-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-manual-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-manual-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-suexec-0:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64" }, "product_reference": "httpd-suexec-0:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:mod_ssl-1:2.0.52-38.ent.2.i386" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:mod_ssl-1:2.0.52-38.ent.2.s390" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.52-38.ent.2.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" }, "product_reference": "mod_ssl-1:2.0.52-38.ent.2.x86_64", "relates_to_product_reference": "4WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:25:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0006" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:25:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0006" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:25:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0006" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" }, { "cve": "CVE-2008-0005", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427739" } ], "notes": [ { "category": "description", "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy_ftp XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0005" }, { "category": "external", "summary": "RHBZ#427739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005" } ], "release_date": "2008-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-01-15T09:25:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS:httpd-0:2.0.52-38.ent.2.i386", "4AS:httpd-0:2.0.52-38.ent.2.ia64", "4AS:httpd-0:2.0.52-38.ent.2.ppc", "4AS:httpd-0:2.0.52-38.ent.2.s390", "4AS:httpd-0:2.0.52-38.ent.2.s390x", "4AS:httpd-0:2.0.52-38.ent.2.src", "4AS:httpd-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4AS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-devel-0:2.0.52-38.ent.2.i386", "4AS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4AS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390", "4AS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4AS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-manual-0:2.0.52-38.ent.2.i386", "4AS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4AS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390", "4AS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4AS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4AS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4AS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4AS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4AS:mod_ssl-1:2.0.52-38.ent.2.i386", "4AS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4AS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390", "4AS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4AS:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-0:2.0.52-38.ent.2.src", "4Desktop:httpd-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.i386", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4Desktop:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.i386", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ia64", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.ppc", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.s390x", "4Desktop:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4ES:httpd-0:2.0.52-38.ent.2.i386", "4ES:httpd-0:2.0.52-38.ent.2.ia64", "4ES:httpd-0:2.0.52-38.ent.2.ppc", "4ES:httpd-0:2.0.52-38.ent.2.s390", "4ES:httpd-0:2.0.52-38.ent.2.s390x", "4ES:httpd-0:2.0.52-38.ent.2.src", "4ES:httpd-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4ES:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-devel-0:2.0.52-38.ent.2.i386", "4ES:httpd-devel-0:2.0.52-38.ent.2.ia64", "4ES:httpd-devel-0:2.0.52-38.ent.2.ppc", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390", "4ES:httpd-devel-0:2.0.52-38.ent.2.s390x", "4ES:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-manual-0:2.0.52-38.ent.2.i386", "4ES:httpd-manual-0:2.0.52-38.ent.2.ia64", "4ES:httpd-manual-0:2.0.52-38.ent.2.ppc", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390", "4ES:httpd-manual-0:2.0.52-38.ent.2.s390x", "4ES:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.i386", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4ES:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390", "4ES:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4ES:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4ES:mod_ssl-1:2.0.52-38.ent.2.i386", "4ES:mod_ssl-1:2.0.52-38.ent.2.ia64", "4ES:mod_ssl-1:2.0.52-38.ent.2.ppc", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390", "4ES:mod_ssl-1:2.0.52-38.ent.2.s390x", "4ES:mod_ssl-1:2.0.52-38.ent.2.x86_64", "4WS:httpd-0:2.0.52-38.ent.2.i386", "4WS:httpd-0:2.0.52-38.ent.2.ia64", "4WS:httpd-0:2.0.52-38.ent.2.ppc", "4WS:httpd-0:2.0.52-38.ent.2.s390", "4WS:httpd-0:2.0.52-38.ent.2.s390x", "4WS:httpd-0:2.0.52-38.ent.2.src", "4WS:httpd-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.i386", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ia64", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.ppc", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.s390x", "4WS:httpd-debuginfo-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-devel-0:2.0.52-38.ent.2.i386", "4WS:httpd-devel-0:2.0.52-38.ent.2.ia64", "4WS:httpd-devel-0:2.0.52-38.ent.2.ppc", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390", "4WS:httpd-devel-0:2.0.52-38.ent.2.s390x", "4WS:httpd-devel-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-manual-0:2.0.52-38.ent.2.i386", "4WS:httpd-manual-0:2.0.52-38.ent.2.ia64", "4WS:httpd-manual-0:2.0.52-38.ent.2.ppc", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390", "4WS:httpd-manual-0:2.0.52-38.ent.2.s390x", "4WS:httpd-manual-0:2.0.52-38.ent.2.x86_64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.i386", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ia64", "4WS:httpd-suexec-0:2.0.52-38.ent.2.ppc", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390", "4WS:httpd-suexec-0:2.0.52-38.ent.2.s390x", "4WS:httpd-suexec-0:2.0.52-38.ent.2.x86_64", "4WS:mod_ssl-1:2.0.52-38.ent.2.i386", "4WS:mod_ssl-1:2.0.52-38.ent.2.ia64", "4WS:mod_ssl-1:2.0.52-38.ent.2.ppc", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390", "4WS:mod_ssl-1:2.0.52-38.ent.2.s390x", "4WS:mod_ssl-1:2.0.52-38.ent.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0006" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_proxy_ftp XSS" } ] }
rhsa-2007_0911
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated httpd packages that fix two security issues are now available for\nRed Hat Application Stack.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\na reverse proxy is configured, a remote attacker could send a carefully\ncrafted request that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an attacker\ncould cause a similar crash if a user could be persuaded to visit a\nmalicious site using the proxy. This could lead to a denial of service if\nusing a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the AddDefaultCharset directive has been removed\nfrom the configuration, a cross-site-scripting attack may be possible\nagainst browsers which do not correctly derive the response character set\nfollowing the rules in RFC 2616. (CVE-2007-4465)\n\nUsers of httpd should upgrade to these updated packages which contain\nbackported patches to correct these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2007:0911", "url": "https://access.redhat.com/errata/RHSA-2007:0911" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0911.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T16:48:07+00:00", "generator": { "date": "2024-11-05T16:48:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2007:0911", "initial_release_date": "2007-10-25T17:35:00+00:00", "revision_history": [ { "date": "2007-10-25T17:35:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2007-10-25T13:35:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:48:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product": { "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:1" } } }, { "category": "product_name", "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product": { "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:1" } } }, { "category": "product_name", "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product": { "name": "Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:2" } } } ], "category": "product_family", "name": "Red Hat Application Stack" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "product": { "name": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "product_id": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.59-1.el4s1.8?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "product": { "name": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "product_id": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.59-1.el4s1.8?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.0.59-1.el4s1.8.x86_64", "product": { "name": "httpd-0:2.0.59-1.el4s1.8.x86_64", "product_id": "httpd-0:2.0.59-1.el4s1.8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.59-1.el4s1.8?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "product": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "product_id": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.59-1.el4s1.8?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "product": { "name": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "product_id": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.59-1.el4s1.8?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.4-7.el5s2.x86_64", "product": { "name": "httpd-devel-0:2.2.4-7.el5s2.x86_64", "product_id": "httpd-devel-0:2.2.4-7.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.4-7.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.4-7.el5s2.x86_64", "product": { "name": "mod_ssl-1:2.2.4-7.el5s2.x86_64", "product_id": "mod_ssl-1:2.2.4-7.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.4-7.el5s2?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.4-7.el5s2.x86_64", "product": { "name": "httpd-manual-0:2.2.4-7.el5s2.x86_64", "product_id": "httpd-manual-0:2.2.4-7.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.4-7.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "product": { "name": "httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "product_id": "httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.4-7.el5s2?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.2.4-7.el5s2.x86_64", "product": { "name": "httpd-0:2.2.4-7.el5s2.x86_64", "product_id": "httpd-0:2.2.4-7.el5s2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.4-7.el5s2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-devel-0:2.0.59-1.el4s1.8.i386", "product": { "name": "httpd-devel-0:2.0.59-1.el4s1.8.i386", "product_id": "httpd-devel-0:2.0.59-1.el4s1.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.59-1.el4s1.8?arch=i386" } } }, { "category": "product_version", "name": "httpd-manual-0:2.0.59-1.el4s1.8.i386", "product": { "name": "httpd-manual-0:2.0.59-1.el4s1.8.i386", "product_id": "httpd-manual-0:2.0.59-1.el4s1.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.59-1.el4s1.8?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.0.59-1.el4s1.8.i386", "product": { "name": "httpd-0:2.0.59-1.el4s1.8.i386", "product_id": "httpd-0:2.0.59-1.el4s1.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.59-1.el4s1.8?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "product": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "product_id": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.59-1.el4s1.8?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.59-1.el4s1.8.i386", "product": { "name": "mod_ssl-1:2.0.59-1.el4s1.8.i386", "product_id": "mod_ssl-1:2.0.59-1.el4s1.8.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.59-1.el4s1.8?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.4-7.el5s2.i386", "product": { "name": "httpd-devel-0:2.2.4-7.el5s2.i386", "product_id": "httpd-devel-0:2.2.4-7.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.4-7.el5s2?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.4-7.el5s2.i386", "product": { "name": "mod_ssl-1:2.2.4-7.el5s2.i386", "product_id": "mod_ssl-1:2.2.4-7.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.4-7.el5s2?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.4-7.el5s2.i386", "product": { "name": "httpd-manual-0:2.2.4-7.el5s2.i386", "product_id": "httpd-manual-0:2.2.4-7.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.4-7.el5s2?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.2.4-7.el5s2.i386", "product": { "name": "httpd-debuginfo-0:2.2.4-7.el5s2.i386", "product_id": "httpd-debuginfo-0:2.2.4-7.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.2.4-7.el5s2?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.2.4-7.el5s2.i386", "product": { "name": "httpd-0:2.2.4-7.el5s2.i386", "product_id": "httpd-0:2.2.4-7.el5s2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.4-7.el5s2?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.59-1.el4s1.8.src", "product": { "name": "httpd-0:2.0.59-1.el4s1.8.src", "product_id": "httpd-0:2.0.59-1.el4s1.8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.59-1.el4s1.8?arch=src" } } }, { "category": "product_version", "name": "httpd-0:2.2.4-7.el5s2.src", "product": { "name": "httpd-0:2.2.4-7.el5s2.src", "product_id": "httpd-0:2.2.4-7.el5s2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.4-7.el5s2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.8.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.src" }, "product_reference": "httpd-0:2.0.59-1.el4s1.8.src", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.8.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.src" }, "product_reference": "httpd-0:2.0.59-1.el4s1.8.src", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.8.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.8.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.4-7.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-0:2.2.4-7.el5s2.i386" }, "product_reference": "httpd-0:2.2.4-7.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.4-7.el5s2.src as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-0:2.2.4-7.el5s2.src" }, "product_reference": "httpd-0:2.2.4-7.el5s2.src", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.4-7.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-0:2.2.4-7.el5s2.x86_64" }, "product_reference": "httpd-0:2.2.4-7.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.4-7.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.i386" }, "product_reference": "httpd-debuginfo-0:2.2.4-7.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.2.4-7.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.x86_64" }, "product_reference": "httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.4-7.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.i386" }, "product_reference": "httpd-devel-0:2.2.4-7.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.4-7.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.x86_64" }, "product_reference": "httpd-devel-0:2.2.4-7.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.4-7.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.i386" }, "product_reference": "httpd-manual-0:2.2.4-7.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.4-7.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.x86_64" }, "product_reference": "httpd-manual-0:2.2.4-7.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.4-7.el5s2.i386 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.i386" }, "product_reference": "mod_ssl-1:2.2.4-7.el5s2.i386", "relates_to_product_reference": "5Server-Stacks" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.4-7.el5s2.x86_64 as a component of Red Hat Application Stack v2 for Enterprise Linux (v.5)", "product_id": "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.x86_64" }, "product_reference": "mod_ssl-1:2.2.4-7.el5s2.x86_64", "relates_to_product_reference": "5Server-Stacks" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-3847", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2007-08-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:httpd-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.src", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "250731" } ], "notes": [ { "category": "description", "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: out of bounds read", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64" ], "known_not_affected": [ "5Server-Stacks:httpd-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.src", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3847" }, { "category": "external", "summary": "RHBZ#250731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847" } ], "release_date": "2007-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-10-25T17:35:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0911" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: out of bounds read" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "5Server-Stacks:httpd-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.src", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64" ], "known_not_affected": [ "5Server-Stacks:httpd-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.src", "5Server-Stacks:httpd-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-debuginfo-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-devel-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.i386", "5Server-Stacks:httpd-manual-0:2.2.4-7.el5s2.x86_64", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.i386", "5Server-Stacks:mod_ssl-1:2.2.4-7.el5s2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-10-25T17:35:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.8.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0911" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" } ] }
rhsa-2008_0523
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Proxy Server version 4.2.3 is now available. This update\nincludes fixes for a number of security issues in Red Hat Network Proxy\nServer components.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Red Hat Network Proxy Server 4.2.3 release corrects several security\nvulnerabilities in several shipped components. In a typical operating\nenvironment, these components are not exposed to users of Proxy Server in a\nvulnerable manner. These security updates will reduce risk in unique Proxy\nServer environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could\nresult in a cross-site scripting or denial-of-service attack.\n(CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752,\nCVE-2006-3918, CVE-2005-3352)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885)\n\nA denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329)\n\nUsers of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3,\nwhich resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0523", "url": "https://access.redhat.com/errata/RHSA-2008:0523" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "449336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=449336" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0523.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Proxy Server security update", "tracking": { "current_release_date": "2024-11-05T16:55:48+00:00", "generator": { "date": "2024-11-05T16:55:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2008:0523", "initial_release_date": "2008-06-30T15:29:00+00:00", "revision_history": [ { "date": "2008-06-30T15:29:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-06-30T11:32:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:55:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS)", "product": { "name": "Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNPROXY4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_proxy:4.2::el3" } } }, { "category": "product_name", "name": "Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNPROXY4.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_proxy:4.2::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite Proxy" }, { "branches": [ { "category": "product_version", "name": "jabberd-0:2.0s10-3.37.rhn.i386", "product": { "name": "jabberd-0:2.0s10-3.37.rhn.i386", "product_id": "jabberd-0:2.0s10-3.37.rhn.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.37.rhn?arch=i386" } } }, { "category": "product_version", "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "product": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel3?arch=i386" } } }, { "category": "product_version", "name": "rhn-modperl-0:1.29-16.rhel3.i386", "product": { "name": "rhn-modperl-0:1.29-16.rhel3.i386", "product_id": "rhn-modperl-0:1.29-16.rhel3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel3?arch=i386" } } }, { "category": "product_version", "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product": { "name": "jabberd-0:2.0s10-3.38.rhn.i386", "product_id": "jabberd-0:2.0s10-3.38.rhn.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/jabberd@2.0s10-3.38.rhn?arch=i386" } } }, { "category": "product_version", "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_id": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-apache@1.3.27-36.rhn.rhel4?arch=i386" } } }, { "category": "product_version", "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product": { "name": "rhn-modperl-0:1.29-16.rhel4.i386", "product_id": "rhn-modperl-0:1.29-16.rhel4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhn-modperl@1.29-16.rhel4?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.37.rhn.i386 as a component of Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386" }, "product_reference": "jabberd-0:2.0s10-3.37.rhn.i386", "relates_to_product_reference": "3AS-RHNPROXY4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386 as a component of Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "relates_to_product_reference": "3AS-RHNPROXY4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel3.i386 as a component of Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS)", "product_id": "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386" }, "product_reference": "rhn-modperl-0:1.29-16.rhel3.i386", "relates_to_product_reference": "3AS-RHNPROXY4.2" }, { "category": "default_component_of", "full_product_name": { "name": "jabberd-0:2.0s10-3.38.rhn.i386 as a component of Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386" }, "product_reference": "jabberd-0:2.0s10-3.38.rhn.i386", "relates_to_product_reference": "4AS-RHNPROXY4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386 as a component of Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386" }, "product_reference": "rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "relates_to_product_reference": "4AS-RHNPROXY4.2" }, { "category": "default_component_of", "full_product_name": { "name": "rhn-modperl-0:1.29-16.rhel4.i386 as a component of Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS)", "product_id": "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" }, "product_reference": "rhn-modperl-0:1.29-16.rhel4.i386", "relates_to_product_reference": "4AS-RHNPROXY4.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2004-0488", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430867" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_ssl ssl_util_uuencode_binary CA issue", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0488" }, { "category": "external", "summary": "RHBZ#430867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0488", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0488" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0488" } ], "release_date": "2004-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_ssl ssl_util_uuencode_binary CA issue" }, { "cve": "CVE-2004-0700", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430866" } ], "notes": [ { "category": "description", "text": "Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_proxy hook format string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0700" }, { "category": "external", "summary": "RHBZ#430866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430866" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0700", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0700" } ], "release_date": "2004-07-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mod_proxy hook format string" }, { "cve": "CVE-2004-0885", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430637" } ], "notes": [ { "category": "description", "text": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_ssl SSLCipherSuite bypass", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2004-0885" }, { "category": "external", "summary": "RHBZ#430637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430637" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0885", "url": "https://www.cve.org/CVERecord?id=CVE-2004-0885" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0885" } ], "release_date": "2004-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_ssl SSLCipherSuite bypass" }, { "cve": "CVE-2005-3352", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2005-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "430524" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd cross-site scripting flaw in mod_imap", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2005-3352" }, { "category": "external", "summary": "RHBZ#430524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3352", "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3352", "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3352" } ], "release_date": "2005-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd cross-site scripting flaw in mod_imap" }, { "cve": "CVE-2006-1329", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "429254" } ], "notes": [ { "category": "description", "text": "The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service (\"c2s segfault\") by sending a \"response stanza before an auth stanza\".", "title": "Vulnerability description" }, { "category": "summary", "text": "jabberd SASL DoS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-1329" }, { "category": "external", "summary": "RHBZ#429254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429254" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-1329", "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1329" } ], "release_date": "2006-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jabberd SASL DoS" }, { "cve": "CVE-2006-3918", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2006-07-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "200732" } ], "notes": [ { "category": "description", "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Expect header XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-3918" }, { "category": "external", "summary": "RHBZ#200732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918", "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918" } ], "release_date": "2006-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: Expect header XSS" }, { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2007-1349", "discovery_date": "2007-05-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "240423" } ], "notes": [ { "category": "description", "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_perl PerlRun denial of service", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1349" }, { "category": "external", "summary": "RHBZ#240423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349" } ], "release_date": "2007-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mod_perl PerlRun denial of service" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" }, { "cve": "CVE-2007-4465", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-09-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "289511" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "title": "Vulnerability description" }, { "category": "summary", "text": "mod_autoindex XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "title": "Statement" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4465" }, { "category": "external", "summary": "RHBZ#289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" } ], "release_date": "2007-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mod_autoindex XSS" }, { "cve": "CVE-2007-5000", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "419931" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_imagemap XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-5000" }, { "category": "external", "summary": "RHBZ#419931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000", "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000" } ], "release_date": "2007-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_imagemap XSS" }, { "cve": "CVE-2007-6388", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2008-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "427228" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache mod_status cross-site scripting", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-6388" }, { "category": "external", "summary": "RHBZ#427228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388" } ], "release_date": "2007-12-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-06-30T15:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "3AS-RHNPROXY4.2:jabberd-0:2.0s10-3.37.rhn.i386", "3AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel3.i386", "3AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel3.i386", "4AS-RHNPROXY4.2:jabberd-0:2.0s10-3.38.rhn.i386", "4AS-RHNPROXY4.2:rhn-apache-0:1.3.27-36.rhn.rhel4.i386", "4AS-RHNPROXY4.2:rhn-modperl-0:1.29-16.rhel4.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0523" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache mod_status cross-site scripting" } ] }
CVE-2007-4465
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "dc:date": "2009-11-16T11:52+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2009-11-16T11:52+09:00", "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-001022", "sec:references": [ { "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html", "@id": "SA08-150A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "@id": "TA08-150A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/25653", "@id": "25653", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36586", "@id": "36586", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1019194", "@id": "1019194", "@source": "SECTRACK" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability" }
ghsa-7286-985c-74qv
Vulnerability from github
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
{ "affected": [], "aliases": [ "CVE-2007-4465" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2007-09-14T00:17:00Z", "severity": "MODERATE" }, "details": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "id": "GHSA-7286-985c-74qv", "modified": "2022-05-01T18:23:56Z", "published": "2022-05-01T18:23:56Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html" }, { "type": "WEB", "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "type": "WEB", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "type": "WEB", "url": "http://secunia.com/advisories/26842" }, { "type": "WEB", "url": "http://secunia.com/advisories/26952" }, { "type": "WEB", "url": "http://secunia.com/advisories/27563" }, { "type": "WEB", "url": "http://secunia.com/advisories/27732" }, { "type": "WEB", "url": "http://secunia.com/advisories/28467" }, { "type": "WEB", "url": "http://secunia.com/advisories/28471" }, { "type": "WEB", "url": "http://secunia.com/advisories/28607" }, { "type": "WEB", "url": "http://secunia.com/advisories/28749" }, { "type": "WEB", "url": "http://secunia.com/advisories/30430" }, { "type": "WEB", "url": "http://secunia.com/advisories/31651" }, { "type": "WEB", "url": "http://secunia.com/advisories/33105" }, { "type": "WEB", "url": "http://secunia.com/advisories/35650" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/46" }, { "type": "WEB", "url": "http://securityreason.com/securityalert/3113" }, { "type": "WEB", "url": "http://securitytracker.com/id?1019194" }, { "type": "WEB", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "type": "WEB", "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "type": "WEB", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "type": "WEB", "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "type": "WEB", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/25653" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/1697" } ], "schema_version": "1.4.0", "severity": [] }
var-200709-0495
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. Web pages generated by the affected source code may be prone to a cross-site scripting issue. Versions prior to Apache 2.2.6 are affected. NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)
It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)
It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847).
A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that to not correctly derive the response character set according to the rules in RGC 2616 (CVE-2007-4465).
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Updated Packages:
Mandriva Linux 2007.0: 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1: e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Corporate 3.0: 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 3.0/X86_64: 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 4.0: 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01756421 Version: 1
HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-29 Last Updated: 2009-06-25
Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code.
References: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier
BACKGROUND
=============================================== Reference Base Vector Base Score CVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x =============================================== CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 ===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server v3.05 HP-UX B.11.23 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com
Web Server v2.25 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE .WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 29 June 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]
Author: SecurityReason Maksymilian Arciemowicz (cXIb8O3)
Date: - - Written: 08.08.2007 - - Public: 11.09.2007
SecurityReason Research SecurityAlert Id: 46
CVE: CVE-2007-4465 SecurityRisk: Low
Affected Software: Apache 2.x (mod_autoindex) Advisory URL: http://securityreason.com/achievement_securityalert/46 Vendor: http://httpd.apache.org
- --- 0.Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---
The XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using "P" option available in apache 2.2.4 by setting Charset to UTF-7.
"P=pattern lists only files matching the given pattern"
More : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
- -Source code from mod_autoindex.c--------------
if APR_HAS_UNICODE_FS
ap_set_content_type(r, "text/html;charset=utf-8");
else
ap_set_content_type(r, "text/html");
endif
- -Source code from mod_autoindex.c--------------
if APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded.
- --- EXAMPLE 1 ---
telnet localhost 80
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'
GET /icons/ http/1.1 Host: localhost Content-type: text/html Keep-Alive: 300 Connection: keep-alive
HTTP/1.1 200 OK Date: Thu, 09 Aug 2007 01:01:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html
Index of /icons
... - --- EXAMPLE 1 --- - --- EXAMPLE 2 --- # telnet httpd.apache.org 80 Trying 140.211.11.130... Connected to httpd.apache.org. Escape character is '^]'. GET /icons/ http/1.1 Host: httpd.apache.org Content-type: text/html Keep-Alive: 300 Connection: keep-alive HTTP/1.1 200 OK Date: Wed, 08 Aug 2007 23:06:26 GMT Server: Apache/2.3.0-dev (Unix) Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/htmlIndex of /icons
... - --- EXAMPLE 2 --- Any request to folder /icons don't give charset in main header and in section. In requests like 400 404 etc charset is defined (standard UTF8). For example : - --- EXAMPLE 3 (400) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /%0 HTTP/1.1 Host: localhost HTTP/1.1 400 Bad Request Date: Thu, 09 Aug 2007 13:13:32 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 3 --- - --- EXAMPLE 4 (404) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /noex HTTP/1.1 Host: localhost HTTP/1.1 404 Not Found Date: Thu, 09 Aug 2007 13:14:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 4 --- Any request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can't put any text to this site with folder. And it was good idea, but in apache 2.x exist option "P". Like: http://localhost/icons/?P=[Filter] Any value gived to this variable is displayed in html text. For example : http://localhost/icons/?P=Hallo - --- HTML --------Name - ----------------- - --- 2. Exploit --- SecurityReason is not going to release a exploit to the general public. Exploit was provided and tested for Apache Team . - --- 3. How to fix --- Update to Apache 2.2.6 http://www.apache.org/dist/httpd/CHANGES_2.2.6 - --- mod_autoindex: Add in Type and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page and is therefore a viable workaround for buggy browsers affected by CVE-2007-4465 (cve.mitre.org). [Jim Jagielski] - --- - --- 4. Greets --- For: sp3x, Infospec, p_e_a - --- 5. Contact --- Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ] Email: cxib [at] securityreason [dot] com GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg http://securityreason.com http://securityreason.pl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (OpenBSD) iD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo MGWmxpeZzSTbVKnHIP5M+2o= =BrVf -----END PGP SIGNATURE----- Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0495", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.6" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.61" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "fedora core7", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.49" }, { "model": "2.2.5-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "certificate server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.35" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11x64" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.50" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "-dev", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.56" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.39" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.32" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.2" }, { "model": "personal", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux enterprise sdk 10.sp1", "scope": null, "trust": 0.3, "vendor": "suse", "version": null }, { "model": "appliance server hosting edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.51" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "advanced workstation for the itanium processor", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "novell linux desktop sdk", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "red hat network satellite server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "application stack", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v20" }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.53" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.43" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage apworks modelers-j edition 6.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.47" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.55" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.7" }, { "model": "linux personal", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.37" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.1" }, { "model": "interstage application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "linux professional oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2007.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "linux personal oss", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.0" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage apworks modelers-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "application stack for enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "appliance server workgroup edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "advanced workstation for the itanium processor ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.48" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.45" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "linux professional", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.38" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "interstage application server web-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "2.0.61-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.46" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.2" }, { "model": "interstage application server plus developer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.44" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.40" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "application stack for enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "v14" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "fedora core6", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "ccs", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "a9", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.58" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.54" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.42" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.28" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.52" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "apache", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.2.6" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.36" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.41" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "2.0.60-dev", "scope": null, "trust": 0.3, "vendor": "apache", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "multimedia", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "apache", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.59" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.04" } ], "sources": [ { "db": "BID", "id": "25653" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.61", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2007-4465" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Maksymilian Arciemowicz is credited with the discovery of this vulnerability.\n\u0026amp;amp;amp;lt;br\u0026amp;amp;amp;gt;", "sources": [ { "db": "BID", "id": "25653" } ], "trust": 0.3 }, "cve": "CVE-2007-4465", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-4465", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2007-4465", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2007-4465", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. \nWeb pages generated by the affected source code may be prone to a cross-site scripting issue. \nVersions prior to Apache 2.2.6 are affected. \nNOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. \n(CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a\nthreaded MPM, Apache did not properly sanitize its input. A remote\nattacker could send Apache crafted date headers and cause a denial of\nservice via application crash. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847). \n \n A flaw in the Apache mod_autoindex module was found. On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465). \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm\n 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm\n 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm\n 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm\n 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm\n 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm\n c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm\n b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm\n a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm\n 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm\n c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm\n bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm\n 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm\n fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm\n 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm\n ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm\n 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm\n 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm\n bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm\n 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm\n 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm\n f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm\n f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm\n 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm\n 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm\n 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm\n d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm\n fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm\n f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm\n b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm\n 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm\n bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm\n 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm\n 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm\n 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm\n 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm\n d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm\n 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm\n d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm\n f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm\n 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm\n 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm\n f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm\n 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm\n 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm\n 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm\n e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm\n 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm\n 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm\n 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm\n c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm\n b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm\n fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm\n 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm\n 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Corporate 3.0:\n 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm\n e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm\n 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm\n c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm\n 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm\n 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm\n 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm\n 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm\n 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm\n 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm\n 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm\n 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm\n f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm\n 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm\n c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm\n f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm\n b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm\n e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm\n 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm\n 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm\n 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm\n c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm\n 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm\n 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm\n 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm\n 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm\n 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 4.0:\n 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm\n 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm\n 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm\n eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm\n 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm\n 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm\n d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm\n 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm\n 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm\n d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm\n 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm\n 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm\n 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm\n 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm\n ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm\n f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm\n 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm\n c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm\n 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm\n 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm\n 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm\n 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm\n 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm\n fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm\n 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm\n 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm\n 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm\n 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm\n 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm\n efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm\n 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm \n 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01756421\nVersion: 1\n\nHPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-06-29\nLast Updated: 2009-06-25\n\nPotential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. \n\nReferences: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier \n\nBACKGROUND\n\n===============================================\nReference Base Vector Base Score \nCVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x\n===============================================\nCVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 \nCVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 \nCVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 \nCVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 \nCVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 \nCVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \n===============================================\n\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nFor Web Server v3.05 \nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \naction: install revision B.2.2.8.04 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \naction: install revision B.2.2.8.04 or subsequent \nURL: http://software.hp.com \n\nWeb Server v2.25 \nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE .WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 29 June 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW \nMA = HP Management Agents \nMI = Misc. 3rd Party SW \nMP = HP MPE/iX \nNS = HP NonStop Servers \nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging \nST = HP Storage SW \nTL = HP Trusted Linux \nTU = HP Tru64 UNIX \nUX = HP-UX \nVV = HP VirtualVault \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]\n\nAuthor: SecurityReason\nMaksymilian Arciemowicz (cXIb8O3)\n\nDate:\n- - Written: 08.08.2007\n- - Public: 11.09.2007\n\nSecurityReason Research\nSecurityAlert Id: 46\n\nCVE: CVE-2007-4465\nSecurityRisk: Low \n\nAffected Software: Apache 2.x (mod_autoindex)\nAdvisory URL: http://securityreason.com/achievement_securityalert/46\nVendor: http://httpd.apache.org\n\n- --- 0.Description ---\n\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. \n\nApache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. \n\n- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---\n\nThe XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using \"P\" option available in apache 2.2.4 by setting Charset to UTF-7. \n\n\"P=pattern lists only files matching the given pattern\"\n\nMore : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html\n\n- -Source code from mod_autoindex.c--------------\n#if APR_HAS_UNICODE_FS\nap_set_content_type(r, \"text/html;charset=utf-8\");\n#else\nap_set_content_type(r, \"text/html\");\n#endif\n- -Source code from mod_autoindex.c--------------\n\n\nif APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded. \n\n- --- EXAMPLE 1 ---\n# telnet localhost 80\nTrying 127.0.0.1... \nConnected to localhost. \nEscape character is \u0027^]\u0027\n\nGET /icons/ http/1.1\nHost: localhost\nContent-type: text/html\nKeep-Alive: 300\nConnection: keep-alive\n\n\nHTTP/1.1 200 OK\nDate: Thu, 09 Aug 2007 01:01:48 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nKeep-Alive: timeout=15, max=100\nConnection: Keep-Alive\nTransfer-Encoding: chunked\nContent-Type: text/html\n\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003cHTML\u003e\n\u003cHEAD\u003e\n\u003cTITLE\u003eIndex of /icons\u003c/TITLE\u003e\n\u003c/HEAD\u003e\n\u003cBODY\u003e\n\u003cH1\u003eIndex of /icons\u003c/H1\u003e\n... \n- --- EXAMPLE 1 ---\n\n- --- EXAMPLE 2 ---\n# telnet httpd.apache.org 80\nTrying 140.211.11.130... \nConnected to httpd.apache.org. \nEscape character is \u0027^]\u0027. \n\nGET /icons/ http/1.1\nHost: httpd.apache.org\nContent-type: text/html\nKeep-Alive: 300\nConnection: keep-alive\n\n\nHTTP/1.1 200 OK\nDate: Wed, 08 Aug 2007 23:06:26 GMT\nServer: Apache/2.3.0-dev (Unix)\nVary: Accept-Encoding\nKeep-Alive: timeout=5, max=100\nConnection: Keep-Alive\nTransfer-Encoding: chunked\nContent-Type: text/html\n\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eIndex of /icons\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003ch1\u003eIndex of /icons\u003c/h1\u003e\n... \n- --- EXAMPLE 2 ---\n\nAny request to folder /icons don\u0027t give charset in main header and in \u003chead\u003e\u003c/head\u003e section. In requests like 400 404 etc charset is defined (standard UTF8). \n\nFor example :\n\n- --- EXAMPLE 3 (400) ---\n# telnet 127.0.0.1 80\nTrying 127.0.0.1... \nConnected to 127.0.0.1. \nEscape character is \u0027^]\u0027. \nGET /%0 HTTP/1.1\nHost: localhost\n\nHTTP/1.1 400 Bad Request\nDate: Thu, 09 Aug 2007 13:13:32 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nConnection: close\nTransfer-Encoding: chunked\nContent-Type: text/html; charset=iso-8859-1\n... \n- --- EXAMPLE 3 ---\n\n- --- EXAMPLE 4 (404) ---\n# telnet 127.0.0.1 80\nTrying 127.0.0.1... \nConnected to 127.0.0.1. \nEscape character is \u0027^]\u0027. \nGET /noex HTTP/1.1\nHost: localhost\n\nHTTP/1.1 404 Not Found\nDate: Thu, 09 Aug 2007 13:14:48 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nTransfer-Encoding: chunked\nContent-Type: text/html; charset=iso-8859-1\n... \n- --- EXAMPLE 4 ---\n\nAny request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can\u0027t put any text to this site with folder. And it was good idea, but in apache 2.x exist option \"P\". \nLike:\n\nhttp://localhost/icons/?P=[Filter]\n\nAny value gived to this variable is displayed in html text. For example :\n\nhttp://localhost/icons/?P=Hallo\n\n- --- HTML --------\n\u003cpre\u003e\u003cimg src=\"/icons/blank.gif\" alt=\"Icon \"\u003e \u003ca href=\"?C=N;O=D;P=Hallo\"\u003eName\u003c/a\u003e\n- -----------------\n\n- --- 2. Exploit ---\n\nSecurityReason is not going to release a exploit to the general public. \nExploit was provided and tested for Apache Team . \n\n- --- 3. How to fix ---\n\nUpdate to Apache 2.2.6\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.6\n\n- ---\nmod_autoindex: Add in Type and Charset options to IndexOptions\ndirective. This allows the admin to explicitly set the \ncontent-type and charset of the generated page and is therefore\na viable workaround for buggy browsers affected by CVE-2007-4465\n(cve.mitre.org). [Jim Jagielski]\n- ---\n\n- --- 4. Greets ---\n\nFor: sp3x, Infospec, p_e_a\n\n- --- 5. Contact ---\n\nAuthor: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]\nEmail: cxib [at] securityreason [dot] com\nGPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg\nhttp://securityreason.com\nhttp://securityreason.pl\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (OpenBSD)\n\niD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo\nMGWmxpeZzSTbVKnHIP5M+2o=\n=BrVf\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-4465", "trust": 2.2 }, { "db": "BID", "id": "25653", "trust": 1.4 }, { "db": "USCERT", "id": "TA08-150A", "trust": 1.1 }, { "db": "SECUNIA", "id": "33105", "trust": 1.1 }, { "db": "SECUNIA", "id": "28749", "trust": 1.1 }, { "db": "SECUNIA", "id": "35650", "trust": 1.1 }, { "db": "SECUNIA", "id": "28607", "trust": 1.1 }, { "db": "SECUNIA", "id": "27732", "trust": 1.1 }, { "db": "SECUNIA", "id": "31651", "trust": 1.1 }, { "db": "SECUNIA", "id": "26952", "trust": 1.1 }, { "db": "SECUNIA", "id": "30430", "trust": 1.1 }, { "db": "SECUNIA", "id": "28471", "trust": 1.1 }, { "db": "SECUNIA", "id": "26842", "trust": 1.1 }, { "db": "SECUNIA", "id": "27563", "trust": 1.1 }, { "db": "SECUNIA", "id": "28467", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2008-1697", "trust": 1.1 }, { "db": "SREASON", "id": "3113", "trust": 1.1 }, { "db": "SECTRACK", "id": "1019194", "trust": 1.1 }, { "db": "VULMON", "id": "CVE-2007-4465", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "63262", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "60759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "62719", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "61459", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "78873", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "59301", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "69466", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "82164", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "id": "VAR-200709-0495", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.15801565 }, "last_update_date": "2024-07-23T20:15:05.431000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian CVElist Bug Report Logs: apache2: CVE-2007-4465", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8a7503dd359ab44b424a9918eb8a6f66" }, { "title": "Ubuntu Security Notice: apache2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-575-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/secureaxom/strike " } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2007-4465" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://www.apache.org/dist/httpd/changes_2.2.6" }, { "trust": 1.4, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-032.htm" }, { "trust": 1.4, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "trust": 1.2, "url": "http://securityreason.com/achievement_securityalert/46" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/25653" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "trust": 1.1, "url": "http://securityreason.com/securityalert/3113" }, { "trust": 1.1, "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "trust": 1.1, "url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html" }, { "trust": 1.1, "url": "https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00353.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2007-0911.html" }, { "trust": 1.1, "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26842" }, { "trust": 1.1, "url": "http://secunia.com/advisories/26952" }, { "trust": 1.1, "url": "http://secunia.com/advisories/27563" }, { "trust": 1.1, "url": "http://secunia.com/advisories/27732" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:014" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2008-0004.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2008-0006.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2008-0008.html" }, { "trust": 1.1, "url": "http://securitytracker.com/id?1019194" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28467" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28471" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28607" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "trust": 1.1, "url": "http://secunia.com/advisories/28749" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html" }, { "trust": 1.1, "url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/30430" }, { "trust": 1.1, "url": "http://secunia.com/advisories/31651" }, { "trust": 1.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432" }, { "trust": 1.1, "url": "http://secunia.com/advisories/33105" }, { "trust": 1.1, "url": "http://secunia.com/advisories/35650" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6089" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10929" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005" }, { "trust": 0.3, "url": "http://httpd.apache.org/" }, { "trust": 0.3, "url": "/archive/1/479237" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2008-031.htm" }, { "trust": 0.3, "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2007-0911.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0004.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0008.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.3, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665" }, { "trust": 0.2, "url": "http://software.hp.com" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453783" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/575-1/" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863" }, { "trust": 0.1, "url": "http://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://enigmail.mozdev.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5625" }, { "trust": 0.1, "url": "http://securityreason.pl/key/arciemowicz.maksymilian.gpg" }, { "trust": 0.1, "url": "http://localhost/icons/?p=hallo" }, { "trust": 0.1, "url": "http://localhost/icons/?p=[filter]" }, { "trust": 0.1, "url": "http://securityreason.com" }, { "trust": 0.1, "url": "http://httpd.apache.org" }, { "trust": 0.1, "url": "http://securityreason.pl" }, { "trust": 0.1, "url": "http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658" } ], "sources": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2007-4465" }, { "db": "BID", "id": "25653" }, { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "61459" }, { "db": "PACKETSTORM", "id": "78873" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" }, { "db": "NVD", "id": "CVE-2007-4465" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-09-14T00:00:00", "db": "VULMON", "id": "CVE-2007-4465" }, { "date": "2007-09-12T00:00:00", "db": "BID", "id": "25653" }, { "date": "2008-02-05T00:41:56", "db": "PACKETSTORM", "id": "63262" }, { "date": "2007-11-07T20:27:55", "db": "PACKETSTORM", "id": "60759" }, { "date": "2008-01-17T05:56:17", "db": "PACKETSTORM", "id": "62719" }, { "date": "2007-12-04T05:30:30", "db": "PACKETSTORM", "id": "61459" }, { "date": "2009-07-02T18:53:57", "db": "PACKETSTORM", "id": "78873" }, { "date": "2007-09-13T23:41:20", "db": "PACKETSTORM", "id": "59301" }, { "date": "2008-08-29T05:14:23", "db": "PACKETSTORM", "id": "69466" }, { "date": "2009-10-23T18:14:28", "db": "PACKETSTORM", "id": "82164" }, { "date": "2007-09-14T00:17:00", "db": "NVD", "id": "CVE-2007-4465" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2007-4465" }, { "date": "2010-08-05T21:45:00", "db": "BID", "id": "25653" }, { "date": "2024-01-19T15:13:13.213000", "db": "NVD", "id": "CVE-2007-4465" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "25653" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability", "sources": [ { "db": "BID", "id": "25653" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "63262" }, { "db": "PACKETSTORM", "id": "60759" }, { "db": "PACKETSTORM", "id": "62719" }, { "db": "PACKETSTORM", "id": "59301" }, { "db": "PACKETSTORM", "id": "69466" }, { "db": "PACKETSTORM", "id": "82164" } ], "trust": 0.6 } }
gsd-2007-4465
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2007-4465", "description": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "id": "GSD-2007-4465", "references": [ "https://www.suse.com/security/cve/CVE-2007-4465.html", "https://access.redhat.com/errata/RHSA-2010:0602", "https://access.redhat.com/errata/RHSA-2008:0524", "https://access.redhat.com/errata/RHSA-2008:0523", "https://access.redhat.com/errata/RHSA-2008:0261", "https://access.redhat.com/errata/RHSA-2008:0008", "https://access.redhat.com/errata/RHSA-2008:0006", "https://access.redhat.com/errata/RHSA-2008:0005", "https://access.redhat.com/errata/RHSA-2008:0004", "https://access.redhat.com/errata/RHSA-2007:0911", "https://linux.oracle.com/cve/CVE-2007-4465.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2007-4465" ], "details": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", "id": "GSD-2007-4465", "modified": "2023-12-13T01:21:36.862312Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2008:0005", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "name": "3113", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3113" }, { "name": "28749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28749" }, { "name": "oval:org.mitre.oval:def:6089", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089" }, { "name": "HPSBUX02465", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "26952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26952" }, { "name": "31651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31651" }, { "name": "SSRT090085", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "25653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25653" }, { "name": "27563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27563" }, { "name": "27732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27732" }, { "name": "1019194", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019194" }, { "name": "RHSA-2007:0911", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html" }, { "name": "RHSA-2008:0006", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10929", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929" }, { "name": "SSRT090192", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "name": "SUSE-SA:2007:061", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "name": "FEDORA-2007-2214", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "name": "RHSA-2008:0008", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "name": "MDVSA-2008:014", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "name": "HPSBUX02365", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430" }, { "name": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "name": "33105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33105" }, { "name": "apache-utf7-xss(36586)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "name": "28467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28467" }, { "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "name": "RHSA-2008:0004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "name": "28607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28607" }, { "name": "GLSA-200711-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "name": "HPSBUX02431", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "name": "FEDORA-2007-707", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html" }, { "name": "28471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28471" }, { "name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/46" }, { "name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "name": "USN-575-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "name": "26842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26842" }, { "name": "SSRT080118", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "name": "35650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35650" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C551481-3F93-4186-85B9-7B07D94B86D9", "versionEndExcluding": "2.0.61", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EE889E-37B4-4DF6-8327-7D621E287F4F", "versionEndExcluding": "2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTTP Apache versiones anteriores a 2.2.6, cuando un juego de caracteres en una p\u00e1gina generada por el servidor no est\u00e1 definido, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro P utilizando el juego de caracteres UTF-7.\r\nNOTA. Se podr\u00eda argumentar que este asunto se debe a una limitaci\u00f3n de dise\u00f1o de los navegadores que intentan realizar una detecci\u00f3n autom\u00e1tica de tipo de contenido." } ], "id": "CVE-2007-4465", "lastModified": "2024-01-19T15:13:13.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-14T00:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/26842" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/26952" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/27563" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/27732" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/28467" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/28471" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/28607" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/28749" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/30430" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/31651" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/33105" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/35650" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://securityreason.com/achievement_securityalert/46" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3113" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1019194" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/25653" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/usn-575-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required", "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1697" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "The Apache security team believe that this issue is due to web browsers that are violating RFC2616. \n\nHowever, Apache 2.2.6 and 2.0.61 add a workaround for such browsers by adding Type and Charset options to IndexOptions directive. This allows a site administrator to explicitly set the content-type and charset of the generated directory index page.", "lastModified": "2007-09-14T00:00:00", "organization": "Apache" }, { "comment": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \u0026quot;AddDefaultCharset\u0026quot; directive and are using directory indexes. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. \n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4465\n\n", "lastModified": "2007-09-18T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.