CVE-2008-2364 (GCVE-0-2008-2364)

Vulnerability from cvelistv5 – Published: 2008-06-13 18:00 – Updated: 2024-08-07 08:58

Summary

Severity

No CVSS data available.

CWE

Assigner

redhat

References

69 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/34259	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/34219	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/31026	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/31651	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.securityfocus.com/bid/31681	vdb-entryx_refsource_BID
http://secunia.com/advisories/32838	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/498567/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/31904	third-party-advisoryx_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2008-0967.html	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/29653	vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/34418	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/30621	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32685	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/31416	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1020267	vdb-entryx_refsource_SECTRACK
http://svn.apache.org/viewvc/httpd/httpd/trunk/mo…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-731-1	vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2009/0320	vdb-entryx_refsource_VUPEN
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/32222	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2008-09…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/33156	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/33797	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/494858/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/31404	third-party-advisoryx_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://security.gentoo.org/glsa/glsa-200807-06.xml	vendor-advisoryx_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/2780	vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=123376588623823&w=2	vendor-advisoryx_refsource_HP
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/1798	vdb-entryx_refsource_VUPEN
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://support.apple.com/kb/HT3216	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
http://marc.info/?l=bugtraq&m=123376588623823&w=2	vendor-advisoryx_refsource_HP
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328	x_refsource_CONFIRM
https://lists.apache.org/thread.html/54a42d4b0196…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/5df9bfb86a3b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0276683d8e1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8828e649175…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7dd6be4dc38…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r84d043c2115…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2cb985de917…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9e862225418…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc4c53a0d57b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8c9983f1172…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Date Public

2008-06-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:02.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "34259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34259"
          },
          {
            "name": "34219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34219"
          },
          {
            "name": "oval:org.mitre.oval:def:11713",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713"
          },
          {
            "name": "31026",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31026"
          },
          {
            "name": "HPSBUX02465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "31651",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31651"
          },
          {
            "name": "247666",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "32838",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32838"
          },
          {
            "name": "20081122 rPSA-2008-0328-1 httpd mod_ssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"
          },
          {
            "name": "31904",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31904"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
          },
          {
            "name": "RHSA-2008:0967",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html"
          },
          {
            "name": "29653",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29653"
          },
          {
            "name": "SSRT090192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "30621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30621"
          },
          {
            "name": "32685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32685"
          },
          {
            "name": "apache-modproxy-module-dos(42987)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42987"
          },
          {
            "name": "SUSE-SR:2009:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
          },
          {
            "name": "31416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31416"
          },
          {
            "name": "1020267",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020267"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
          },
          {
            "name": "USN-731-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-731-1"
          },
          {
            "name": "ADV-2009-0320",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0320"
          },
          {
            "name": "HPSBUX02365",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27008517"
          },
          {
            "name": "oval:org.mitre.oval:def:9577",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "oval:org.mitre.oval:def:6084",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084"
          },
          {
            "name": "RHSA-2008:0966",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html"
          },
          {
            "name": "33156",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33156"
          },
          {
            "name": "33797",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33797"
          },
          {
            "name": "20080729 rPSA-2008-0236-1 httpd mod_ssl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494858/100/0/threaded"
          },
          {
            "name": "31404",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31404"
          },
          {
            "name": "FEDORA-2008-6393",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html"
          },
          {
            "name": "GLSA-200807-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "HPSBUX02401",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
          },
          {
            "name": "MDVSA-2008:237",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:237"
          },
          {
            "name": "FEDORA-2008-6314",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html"
          },
          {
            "name": "ADV-2008-1798",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1798"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "MDVSA-2008:195",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195"
          },
          {
            "name": "SSRT080118",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
          },
          {
            "name": "PK67579",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579"
          },
          {
            "name": "SSRT090005",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:10:39.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "34259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34259"
        },
        {
          "name": "34219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34219"
        },
        {
          "name": "oval:org.mitre.oval:def:11713",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713"
        },
        {
          "name": "31026",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31026"
        },
        {
          "name": "HPSBUX02465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "31651",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31651"
        },
        {
          "name": "247666",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "name": "32838",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32838"
        },
        {
          "name": "20081122 rPSA-2008-0328-1 httpd mod_ssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"
        },
        {
          "name": "31904",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31904"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
        },
        {
          "name": "RHSA-2008:0967",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html"
        },
        {
          "name": "29653",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29653"
        },
        {
          "name": "SSRT090192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "30621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30621"
        },
        {
          "name": "32685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32685"
        },
        {
          "name": "apache-modproxy-module-dos(42987)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42987"
        },
        {
          "name": "SUSE-SR:2009:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
        },
        {
          "name": "31416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31416"
        },
        {
          "name": "1020267",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020267"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
        },
        {
          "name": "USN-731-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-731-1"
        },
        {
          "name": "ADV-2009-0320",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0320"
        },
        {
          "name": "HPSBUX02365",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27008517"
        },
        {
          "name": "oval:org.mitre.oval:def:9577",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "oval:org.mitre.oval:def:6084",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084"
        },
        {
          "name": "RHSA-2008:0966",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html"
        },
        {
          "name": "33156",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33156"
        },
        {
          "name": "33797",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33797"
        },
        {
          "name": "20080729 rPSA-2008-0236-1 httpd mod_ssl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494858/100/0/threaded"
        },
        {
          "name": "31404",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31404"
        },
        {
          "name": "FEDORA-2008-6393",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html"
        },
        {
          "name": "GLSA-200807-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "HPSBUX02401",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
        },
        {
          "name": "MDVSA-2008:237",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:237"
        },
        {
          "name": "FEDORA-2008-6314",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html"
        },
        {
          "name": "ADV-2008-1798",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1798"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "MDVSA-2008:195",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195"
        },
        {
          "name": "SSRT080118",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
        },
        {
          "name": "PK67579",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579"
        },
        {
          "name": "SSRT090005",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-2364",
    "datePublished": "2008-06-13T18:00:00.000Z",
    "dateReserved": "2008-05-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:58:02.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-2364",
      "date": "2026-05-28",
      "epss": "0.02213",
      "percentile": "0.84714"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.35\", \"versionEndExcluding\": \"2.0.64\", \"matchCriteriaId\": \"838655CB-43E7-4BDA-A80C-2314C9870717\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.2.0\", \"versionEndExcluding\": \"2.2.9\", \"matchCriteriaId\": \"34357005-C9AF-472E-8189-60713E340DF7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"823BF8BE-2309-4F67-A5E2-EAD98F723468\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"7EBFE35C-E243-43D1-883D-4398D71763CC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72E4DB7F-07C3-46BB-AAA2-05CD0312C57F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"743CBBB1-C140-4FEF-B40E-FAE4511B1140\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF3BBBC3-3EF9-4E24-9DE2-627E172A5473\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D74A418-50F0-42C0-ABBC-BBBE718FF025\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1CA1D49-76E7-4195-98AF-BE916040ECC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4814716C-514C-40F7-A59B-ED61F14658DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"397313C3-6BF5-4A87-90B3-55678E807171\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73322DEE-27A6-4D18-88A3-ED7F9CAEABD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2FE6DAA-4702-409A-98B6-DE13B12805A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B5DCF29-6830-45FF-BC88-17E2249C653D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n ap_proxy_http_process_response en mod_proxy_http.c en el modulo mod_proxy en el Servidor HTTP Apache 2.0.63 y 2.2.8 no limita el n\\u00famero de respuestas de desv\\u00edo provisionales, lo que permite a servidores HTTP causar una denegaci\\u00f3n de servicio (memory consumption) a trav\\u00e9s de un gran n\\u00famero de respuestas provisionales.\"}]",
      "id": "CVE-2008-2364",
      "lastModified": "2024-11-21T00:46:43.047",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-06-13T18:41:00.000",
      "references": "[{\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Mailing List\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2008-0967.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30621\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31026\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31404\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31416\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31651\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31904\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/32222\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/32685\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/32838\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/33156\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/33797\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/34219\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/34259\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200807-06.xml\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://support.apple.com/kb/HT3216\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg27008517\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:195\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:237\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0966.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/494858/100/0/threaded\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/498567/100/0/threaded\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/29653\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/31681\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1020267\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-731-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1798\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2780\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0320\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42987\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Mailing List\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2008-0967.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/31026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31404\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31416\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31651\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/31904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/32222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/32685\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/32838\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/33156\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/33797\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/34219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/34259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://secunia.com/advisories/34418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200807-06.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://support.apple.com/kb/HT3216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg27008517\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0966.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/494858/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/498567/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/29653\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/31681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1020267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-731-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1798\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0320\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42987\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vendorComments": "[{\"organization\": \"Apache\", \"comment\": \"Fixed in Apache HTTP Server 2.2.9.  http://httpd.apache.org/security/vulnerabilities_22.html\", \"lastModified\": \"2008-07-02T00:00:00\"}, {\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\\n\\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.  More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\", \"lastModified\": \"2008-06-26T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-2364\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-06-13T18:41:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ap_proxy_http_process_response en mod_proxy_http.c en el modulo mod_proxy en el Servidor HTTP Apache 2.0.63 y 2.2.8 no limita el n\u00famero de respuestas de desv\u00edo provisionales, lo que permite a servidores HTTP causar una denegaci\u00f3n de servicio (memory consumption) a trav\u00e9s de un gran n\u00famero de respuestas provisionales.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.35\",\"versionEndExcluding\":\"2.0.64\",\"matchCriteriaId\":\"838655CB-43E7-4BDA-A80C-2314C9870717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.9\",\"matchCriteriaId\":\"34357005-C9AF-472E-8189-60713E340DF7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"823BF8BE-2309-4F67-A5E2-EAD98F723468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72E4DB7F-07C3-46BB-AAA2-05CD0312C57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"743CBBB1-C140-4FEF-B40E-FAE4511B1140\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3BBBC3-3EF9-4E24-9DE2-627E172A5473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D74A418-50F0-42C0-ABBC-BBBE718FF025\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"133AAFA7-AF42-4D7B-8822-AA2E85611BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1CA1D49-76E7-4195-98AF-BE916040ECC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4814716C-514C-40F7-A59B-ED61F14658DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"397313C3-6BF5-4A87-90B3-55678E807171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73322DEE-27A6-4D18-88A3-ED7F9CAEABD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54D669D4-6D7E-449D-80C1-28FA44F06FFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2FE6DAA-4702-409A-98B6-DE13B12805A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B5DCF29-6830-45FF-BC88-17E2249C653D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2008-0967.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30621\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31026\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31404\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31416\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31651\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31904\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/32685\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/32838\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/33156\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/34219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/34259\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200807-06.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg27008517\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:195\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:237\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0966.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/494858/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/498567/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/29653\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020267\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-731-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1798\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42987\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Mailing List\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2008-0967.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/31904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/32685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/32838\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/33156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/34219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/34259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200807-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg27008517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0966.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/494858/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/498567/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/29653\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-731-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}],\"vendorComments\":[{\"organization\":\"Apache\",\"comment\":\"Fixed in Apache HTTP Server 2.2.9.  http://httpd.apache.org/security/vulnerabilities_22.html\",\"lastModified\":\"2008-07-02T00:00:00\"},{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\\n\\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.  More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\",\"lastModified\":\"2008-06-26T00:00:00\"}]}}"
  }
}

RHSA-2010_0602

Vulnerability from csaf_redhat - Published: 2010-08-04 21:30 - Updated: 2024-12-15 18:14

Summary

Red Hat Security Advisory: Red Hat Certificate System 7.3 security update

Severity

Moderate

Notes

Topic: Updated packages that fix multiple security issues and rebase various components are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details: Red Hat Certificate System (RHCS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause the pcscd daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407, CVE-2009-4901) This erratum updates the Tomcat component shipped as part of Red Hat Certificate System to version 5.5.23, to address multiple security issues. In a typical operating environment, Tomcat is not exposed to users of Certificate System in a vulnerable manner. These security updates will reduce risk in unique Certificate System environments. (CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382, CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232, CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580) This erratum provides updated versions of the following components, required by the updated Tomcat version: ant, avalon-logkit, axis, classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler, log4j, mx4j, xerces-j2, and xml-commons. A number of components have been updated to fix security issues for users of Red Hat Certificate System for the Solaris operating system. These fixes are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364, CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116 and CVE-2008-1927. Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were previously available to users of Red Hat Certificate System for Red Hat Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat Network. Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks, rhpki-java-tools, and rhpki-native-tools packages were updated to address some anomalous behavior on the Solaris operating system. (BZ#600513, BZ#605760) As well, this update provides an updated rhpki-manage package, which includes installation and uninstall scripts for Red Hat Certificate System that have been updated with the list of packages required by the Tomcat component, and an updated dependency on the NSS and NSPR packages. All users of Red Hat Certificate System are advised to upgrade to these updated packages, which correct these issues. Refer to the Red Hat Certificate System Administration Guide, linked to in the References, for details on how to install the updated packages on the Solaris operating system. After installing this update, all Red Hat Certificate System subsystems must be restarted ("/etc/init.d/[instance-name] restart") for the update to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2005-2090

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2005-3510

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2006-3835

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-1358

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-1863

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-3304

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-3382

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-3385

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-3847

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

CWE-125 - Out-of-bounds Read

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2007-4465

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-5000

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2007-5333

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2007-5461

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2007-6388

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2008-0005

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2008-0128

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2008-1232

Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2008-1927

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2008-2364

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2008-2370

Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2008-5515

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2009-0023

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

4.3 ()


                        
                          AV:L/AC:L/Au:S/C:P/I:P/A:P

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-0033

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

5.0 ()


                        
                          AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2009-0580

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

5.0 ()


                        
                          AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2009-1891

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

2.6 ()


                        
                          AV:N/AC:H/Au:N/C:N/I:N/A:P

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

5.0 ()


                        
                          AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-1956

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

4.3 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:N/A:N

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-2412

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

6.8 ()


                        
                          AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2009-3094

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

2.6 ()


                        
                          AV:N/AC:H/Au:N/C:N/I:N/A:P

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

2.6 ()


                        
                          AV:N/AC:H/Au:N/C:N/I:P/A:N

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

CVE-2009-4901

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

7.2 ()


                        
                          AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2010-0407

Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.

7.2 ()


                        
                          AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Important

CVE-2010-0434

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

2.6 ()


                        
                          AV:N/AC:H/Au:N/C:P/I:N/A:N

Affected products

Fixed 114 products

Product	Version	Remediation
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src	—	Vendor Fix fix
Unresolved product id: 4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch	—	Vendor Fix fix

Threats

Impact Low

References

197 references

URL	Category
https://access.redhat.com/errata/RHSA-2010:0602	self
http://www.redhat.com/security/updates/classifica…	external
http://www.redhat.com/docs/manuals/cert-system/7.…	external
https://bugzilla.redhat.com/show_bug.cgi?id=200732	external
https://bugzilla.redhat.com/show_bug.cgi?id=237079	external
https://bugzilla.redhat.com/show_bug.cgi?id=237080	external
https://bugzilla.redhat.com/show_bug.cgi?id=237084	external
https://bugzilla.redhat.com/show_bug.cgi?id=237085	external
https://bugzilla.redhat.com/show_bug.cgi?id=240423	external
https://bugzilla.redhat.com/show_bug.cgi?id=244658	external
https://bugzilla.redhat.com/show_bug.cgi?id=244803	external
https://bugzilla.redhat.com/show_bug.cgi?id=245111	external
https://bugzilla.redhat.com/show_bug.cgi?id=245112	external
https://bugzilla.redhat.com/show_bug.cgi?id=247972	external
https://bugzilla.redhat.com/show_bug.cgi?id=247976	external
https://bugzilla.redhat.com/show_bug.cgi?id=250731	external
https://bugzilla.redhat.com/show_bug.cgi?id=289511	external
https://bugzilla.redhat.com/show_bug.cgi?id=323571	external
https://bugzilla.redhat.com/show_bug.cgi?id=333791	external
https://bugzilla.redhat.com/show_bug.cgi?id=419931	external
https://bugzilla.redhat.com/show_bug.cgi?id=427228	external
https://bugzilla.redhat.com/show_bug.cgi?id=427739	external
https://bugzilla.redhat.com/show_bug.cgi?id=427766	external
https://bugzilla.redhat.com/show_bug.cgi?id=429821	external
https://bugzilla.redhat.com/show_bug.cgi?id=443928	external
https://bugzilla.redhat.com/show_bug.cgi?id=451615	external
https://bugzilla.redhat.com/show_bug.cgi?id=457597	external
https://bugzilla.redhat.com/show_bug.cgi?id=457934	external
https://bugzilla.redhat.com/show_bug.cgi?id=458250	external
https://bugzilla.redhat.com/show_bug.cgi?id=493381	external
https://bugzilla.redhat.com/show_bug.cgi?id=503928	external
https://bugzilla.redhat.com/show_bug.cgi?id=503978	external
https://bugzilla.redhat.com/show_bug.cgi?id=504390	external
https://bugzilla.redhat.com/show_bug.cgi?id=504555	external
https://bugzilla.redhat.com/show_bug.cgi?id=504753	external
https://bugzilla.redhat.com/show_bug.cgi?id=509125	external
https://bugzilla.redhat.com/show_bug.cgi?id=515698	external
https://bugzilla.redhat.com/show_bug.cgi?id=521619	external
https://bugzilla.redhat.com/show_bug.cgi?id=522209	external
https://bugzilla.redhat.com/show_bug.cgi?id=570171	external
https://bugzilla.redhat.com/show_bug.cgi?id=596426	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2005-2090	self
https://bugzilla.redhat.com/show_bug.cgi?id=237079	external
https://www.cve.org/CVERecord?id=CVE-2005-2090	external
https://nvd.nist.gov/vuln/detail/CVE-2005-2090	external
https://access.redhat.com/security/cve/CVE-2005-3510	self
https://bugzilla.redhat.com/show_bug.cgi?id=237085	external
https://www.cve.org/CVERecord?id=CVE-2005-3510	external
https://nvd.nist.gov/vuln/detail/CVE-2005-3510	external
https://access.redhat.com/security/cve/CVE-2006-3835	self
https://bugzilla.redhat.com/show_bug.cgi?id=237084	external
https://www.cve.org/CVERecord?id=CVE-2006-3835	external
https://nvd.nist.gov/vuln/detail/CVE-2006-3835	external
https://access.redhat.com/security/cve/CVE-2006-3918	self
https://bugzilla.redhat.com/show_bug.cgi?id=200732	external
https://www.cve.org/CVERecord?id=CVE-2006-3918	external
https://nvd.nist.gov/vuln/detail/CVE-2006-3918	external
https://access.redhat.com/security/cve/CVE-2006-5752	self
https://bugzilla.redhat.com/show_bug.cgi?id=245112	external
https://www.cve.org/CVERecord?id=CVE-2006-5752	external
https://nvd.nist.gov/vuln/detail/CVE-2006-5752	external
https://access.redhat.com/security/cve/CVE-2007-0450	self
https://bugzilla.redhat.com/show_bug.cgi?id=237080	external
https://www.cve.org/CVERecord?id=CVE-2007-0450	external
https://nvd.nist.gov/vuln/detail/CVE-2007-0450	external
https://access.redhat.com/security/cve/CVE-2007-1349	self
https://bugzilla.redhat.com/show_bug.cgi?id=240423	external
https://www.cve.org/CVERecord?id=CVE-2007-1349	external
https://nvd.nist.gov/vuln/detail/CVE-2007-1349	external
https://access.redhat.com/security/cve/CVE-2007-1358	self
https://bugzilla.redhat.com/show_bug.cgi?id=244803	external
https://www.cve.org/CVERecord?id=CVE-2007-1358	external
https://nvd.nist.gov/vuln/detail/CVE-2007-1358	external
https://access.redhat.com/security/cve/CVE-2007-1863	self
https://bugzilla.redhat.com/show_bug.cgi?id=244658	external
https://www.cve.org/CVERecord?id=CVE-2007-1863	external
https://nvd.nist.gov/vuln/detail/CVE-2007-1863	external
https://access.redhat.com/security/cve/CVE-2007-3304	self
https://bugzilla.redhat.com/show_bug.cgi?id=245111	external
https://www.cve.org/CVERecord?id=CVE-2007-3304	external
https://nvd.nist.gov/vuln/detail/CVE-2007-3304	external
https://access.redhat.com/security/cve/CVE-2007-3382	self
https://bugzilla.redhat.com/show_bug.cgi?id=247972	external
https://www.cve.org/CVERecord?id=CVE-2007-3382	external
https://nvd.nist.gov/vuln/detail/CVE-2007-3382	external
https://access.redhat.com/security/cve/CVE-2007-3385	self
https://bugzilla.redhat.com/show_bug.cgi?id=247976	external
https://www.cve.org/CVERecord?id=CVE-2007-3385	external
https://nvd.nist.gov/vuln/detail/CVE-2007-3385	external
https://access.redhat.com/security/cve/CVE-2007-3847	self
https://bugzilla.redhat.com/show_bug.cgi?id=250731	external
https://www.cve.org/CVERecord?id=CVE-2007-3847	external
https://nvd.nist.gov/vuln/detail/CVE-2007-3847	external
https://access.redhat.com/security/cve/CVE-2007-4465	self
https://bugzilla.redhat.com/show_bug.cgi?id=289511	external
https://www.cve.org/CVERecord?id=CVE-2007-4465	external
https://nvd.nist.gov/vuln/detail/CVE-2007-4465	external
https://access.redhat.com/security/cve/CVE-2007-5000	self
https://bugzilla.redhat.com/show_bug.cgi?id=419931	external
https://www.cve.org/CVERecord?id=CVE-2007-5000	external
https://nvd.nist.gov/vuln/detail/CVE-2007-5000	external
https://access.redhat.com/security/cve/CVE-2007-5116	self
https://bugzilla.redhat.com/show_bug.cgi?id=323571	external
https://www.cve.org/CVERecord?id=CVE-2007-5116	external
https://nvd.nist.gov/vuln/detail/CVE-2007-5116	external
https://access.redhat.com/security/cve/CVE-2007-5333	self
https://bugzilla.redhat.com/show_bug.cgi?id=427766	external
https://www.cve.org/CVERecord?id=CVE-2007-5333	external
https://nvd.nist.gov/vuln/detail/CVE-2007-5333	external
https://access.redhat.com/security/cve/CVE-2007-5461	self
https://bugzilla.redhat.com/show_bug.cgi?id=333791	external
https://www.cve.org/CVERecord?id=CVE-2007-5461	external
https://nvd.nist.gov/vuln/detail/CVE-2007-5461	external
https://access.redhat.com/security/cve/CVE-2007-6388	self
https://bugzilla.redhat.com/show_bug.cgi?id=427228	external
https://www.cve.org/CVERecord?id=CVE-2007-6388	external
https://nvd.nist.gov/vuln/detail/CVE-2007-6388	external
https://access.redhat.com/security/cve/CVE-2008-0005	self
https://bugzilla.redhat.com/show_bug.cgi?id=427739	external
https://www.cve.org/CVERecord?id=CVE-2008-0005	external
https://nvd.nist.gov/vuln/detail/CVE-2008-0005	external
https://access.redhat.com/security/cve/CVE-2008-0128	self
https://bugzilla.redhat.com/show_bug.cgi?id=429821	external
https://www.cve.org/CVERecord?id=CVE-2008-0128	external
https://nvd.nist.gov/vuln/detail/CVE-2008-0128	external
https://access.redhat.com/security/cve/CVE-2008-1232	self
https://bugzilla.redhat.com/show_bug.cgi?id=457597	external
https://www.cve.org/CVERecord?id=CVE-2008-1232	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1232	external
https://access.redhat.com/security/cve/CVE-2008-1927	self
https://bugzilla.redhat.com/show_bug.cgi?id=443928	external
https://www.cve.org/CVERecord?id=CVE-2008-1927	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1927	external
https://access.redhat.com/security/cve/CVE-2008-2364	self
https://bugzilla.redhat.com/show_bug.cgi?id=451615	external
https://www.cve.org/CVERecord?id=CVE-2008-2364	external
https://nvd.nist.gov/vuln/detail/CVE-2008-2364	external
https://access.redhat.com/security/cve/CVE-2008-2370	self
https://bugzilla.redhat.com/show_bug.cgi?id=457934	external
https://www.cve.org/CVERecord?id=CVE-2008-2370	external
https://nvd.nist.gov/vuln/detail/CVE-2008-2370	external
https://access.redhat.com/security/cve/CVE-2008-2939	self
https://bugzilla.redhat.com/show_bug.cgi?id=458250	external
https://www.cve.org/CVERecord?id=CVE-2008-2939	external
https://nvd.nist.gov/vuln/detail/CVE-2008-2939	external
https://access.redhat.com/security/cve/CVE-2008-5515	self
https://bugzilla.redhat.com/show_bug.cgi?id=504753	external
https://www.cve.org/CVERecord?id=CVE-2008-5515	external
https://nvd.nist.gov/vuln/detail/CVE-2008-5515	external
https://access.redhat.com/security/cve/CVE-2009-0023	self
https://bugzilla.redhat.com/show_bug.cgi?id=503928	external
https://www.cve.org/CVERecord?id=CVE-2009-0023	external
https://nvd.nist.gov/vuln/detail/CVE-2009-0023	external
https://access.redhat.com/security/cve/CVE-2009-0033	self
https://bugzilla.redhat.com/show_bug.cgi?id=493381	external
https://www.cve.org/CVERecord?id=CVE-2009-0033	external
https://nvd.nist.gov/vuln/detail/CVE-2009-0033	external
https://access.redhat.com/security/cve/CVE-2009-0580	self
https://bugzilla.redhat.com/show_bug.cgi?id=503978	external
https://www.cve.org/CVERecord?id=CVE-2009-0580	external
https://nvd.nist.gov/vuln/detail/CVE-2009-0580	external
https://access.redhat.com/security/cve/CVE-2009-1891	self
https://bugzilla.redhat.com/show_bug.cgi?id=509125	external
https://www.cve.org/CVERecord?id=CVE-2009-1891	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1891	external
https://access.redhat.com/security/cve/CVE-2009-1955	self
https://bugzilla.redhat.com/show_bug.cgi?id=504555	external
https://www.cve.org/CVERecord?id=CVE-2009-1955	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1955	external
https://access.redhat.com/security/cve/CVE-2009-1956	self
https://bugzilla.redhat.com/show_bug.cgi?id=504390	external
https://www.cve.org/CVERecord?id=CVE-2009-1956	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1956	external
https://access.redhat.com/security/cve/CVE-2009-2412	self
https://bugzilla.redhat.com/show_bug.cgi?id=515698	external
https://www.cve.org/CVERecord?id=CVE-2009-2412	external
https://nvd.nist.gov/vuln/detail/CVE-2009-2412	external
https://access.redhat.com/security/cve/CVE-2009-3094	self
https://bugzilla.redhat.com/show_bug.cgi?id=521619	external
https://www.cve.org/CVERecord?id=CVE-2009-3094	external
https://nvd.nist.gov/vuln/detail/CVE-2009-3094	external
https://access.redhat.com/security/cve/CVE-2009-3095	self
https://bugzilla.redhat.com/show_bug.cgi?id=522209	external
https://www.cve.org/CVERecord?id=CVE-2009-3095	external
https://nvd.nist.gov/vuln/detail/CVE-2009-3095	external
https://access.redhat.com/security/cve/CVE-2009-4901	self
https://bugzilla.redhat.com/show_bug.cgi?id=596426	external
https://www.cve.org/CVERecord?id=CVE-2009-4901	external
https://nvd.nist.gov/vuln/detail/CVE-2009-4901	external
https://access.redhat.com/security/cve/CVE-2010-0407	self
https://www.cve.org/CVERecord?id=CVE-2010-0407	external
https://nvd.nist.gov/vuln/detail/CVE-2010-0407	external
https://access.redhat.com/security/cve/CVE-2010-0434	self
https://bugzilla.redhat.com/show_bug.cgi?id=570171	external
https://www.cve.org/CVERecord?id=CVE-2010-0434	external
https://nvd.nist.gov/vuln/detail/CVE-2010-0434	external

Acknowledgments

Tavis Ormandy Will Drewry

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0602",
        "url": "https://access.redhat.com/errata/RHSA-2010:0602"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
        "url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
      },
      {
        "category": "external",
        "summary": "200732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
      },
      {
        "category": "external",
        "summary": "237079",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
      },
      {
        "category": "external",
        "summary": "237080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
      },
      {
        "category": "external",
        "summary": "237084",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
      },
      {
        "category": "external",
        "summary": "237085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
      },
      {
        "category": "external",
        "summary": "240423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
      },
      {
        "category": "external",
        "summary": "244658",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
      },
      {
        "category": "external",
        "summary": "244803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
      },
      {
        "category": "external",
        "summary": "245111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
      },
      {
        "category": "external",
        "summary": "245112",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
      },
      {
        "category": "external",
        "summary": "247972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
      },
      {
        "category": "external",
        "summary": "247976",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
      },
      {
        "category": "external",
        "summary": "250731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
      },
      {
        "category": "external",
        "summary": "289511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
      },
      {
        "category": "external",
        "summary": "323571",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "419931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
      },
      {
        "category": "external",
        "summary": "427228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
      },
      {
        "category": "external",
        "summary": "427739",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "429821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
      },
      {
        "category": "external",
        "summary": "443928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
      },
      {
        "category": "external",
        "summary": "451615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
      },
      {
        "category": "external",
        "summary": "457597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
      },
      {
        "category": "external",
        "summary": "457934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
      },
      {
        "category": "external",
        "summary": "458250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
      },
      {
        "category": "external",
        "summary": "504555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "external",
        "summary": "509125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
      },
      {
        "category": "external",
        "summary": "515698",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
      },
      {
        "category": "external",
        "summary": "521619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
      },
      {
        "category": "external",
        "summary": "522209",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
      },
      {
        "category": "external",
        "summary": "570171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
      },
      {
        "category": "external",
        "summary": "596426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
    "tracking": {
      "current_release_date": "2024-12-15T18:14:44+00:00",
      "generator": {
        "date": "2024-12-15T18:14:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2010:0602",
      "initial_release_date": "2010-08-04T21:30:00+00:00",
      "revision_history": [
        {
          "date": "2010-08-04T21:30:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-08-05T10:04:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-15T18:14:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Certificate System 7.3 for 4AS",
                "product": {
                  "name": "Red Hat Certificate System 7.3 for 4AS",
                  "product_id": "4AS-CERT-7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:certificate_system:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Certificate System 7.3 for 4ES",
                "product": {
                  "name": "Red Hat Certificate System 7.3 for 4ES",
                  "product_id": "4ES-CERT-7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:certificate_system:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Certificate System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                "product": {
                  "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                  "product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                "product": {
                  "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                  "product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                "product": {
                  "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                  "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ant-0:1.6.5-1jpp_1rh.noarch",
                "product": {
                  "name": "ant-0:1.6.5-1jpp_1rh.noarch",
                  "product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                "product": {
                  "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                  "product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "axis-0:1.2.1-1jpp_3rh.noarch",
                "product": {
                  "name": "axis-0:1.2.1-1jpp_3rh.noarch",
                  "product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                "product": {
                  "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                  "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                "product": {
                  "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                  "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "log4j-0:1.2.12-1jpp_1rh.noarch",
                "product": {
                  "name": "log4j-0:1.2.12-1jpp_1rh.noarch",
                  "product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                "product": {
                  "name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                  "product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                "product": {
                  "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                  "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-manage-0:7.3.0-19.el4.noarch",
                "product": {
                  "name": "rhpki-manage-0:7.3.0-19.el4.noarch",
                  "product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-ca-0:7.3.0-20.el4.noarch",
                "product": {
                  "name": "rhpki-ca-0:7.3.0-20.el4.noarch",
                  "product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-kra-0:7.3.0-14.el4.noarch",
                "product": {
                  "name": "rhpki-kra-0:7.3.0-14.el4.noarch",
                  "product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-tks-0:7.3.0-13.el4.noarch",
                "product": {
                  "name": "rhpki-tks-0:7.3.0-13.el4.noarch",
                  "product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                "product": {
                  "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                  "product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                "product": {
                  "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                  "product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xml-commons-0:1.3.02-2jpp_1rh.src",
                "product": {
                  "name": "xml-commons-0:1.3.02-2jpp_1rh.src",
                  "product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                "product": {
                  "name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                  "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ant-0:1.6.5-1jpp_1rh.src",
                "product": {
                  "name": "ant-0:1.6.5-1jpp_1rh.src",
                  "product_id": "ant-0:1.6.5-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "avalon-logkit-0:1.2-2jpp_4rh.src",
                "product": {
                  "name": "avalon-logkit-0:1.2-2jpp_4rh.src",
                  "product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "axis-0:1.2.1-1jpp_3rh.src",
                "product": {
                  "name": "axis-0:1.2.1-1jpp_3rh.src",
                  "product_id": "axis-0:1.2.1-1jpp_3rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                "product": {
                  "name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                  "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                "product": {
                  "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                  "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "log4j-0:1.2.12-1jpp_1rh.src",
                "product": {
                  "name": "log4j-0:1.2.12-1jpp_1rh.src",
                  "product_id": "log4j-0:1.2.12-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mx4j-1:3.0.1-1jpp_4rh.src",
                "product": {
                  "name": "mx4j-1:3.0.1-1jpp_4rh.src",
                  "product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                "product": {
                  "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                  "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.src",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.src",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                "product": {
                  "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                  "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                "product": {
                  "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                  "product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                "product": {
                  "name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                  "product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
        },
        "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
        },
        "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
        },
        "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
        },
        "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
        },
        "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
        },
        "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
        },
        "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
        },
        "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2090",
      "discovery_date": "2005-06-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237079"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat multiple content-length header poisioning",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "RHBZ#237079",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
        }
      ],
      "release_date": "2005-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat multiple content-length header poisioning"
    },
    {
      "cve": "CVE-2005-3510",
      "discovery_date": "2005-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#237085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
        }
      ],
      "release_date": "2005-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat DoS"
    },
    {
      "cve": "CVE-2006-3835",
      "discovery_date": "2006-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory listing issue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "RHBZ#237084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
        }
      ],
      "release_date": "2006-07-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat directory listing issue"
    },
    {
      "cve": "CVE-2006-3918",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-07-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "200732"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: Expect header XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#200732",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
        }
      ],
      "release_date": "2006-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: Expect header XSS"
    },
    {
      "cve": "CVE-2006-5752",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-06-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245112"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_status XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "RHBZ#245112",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
        }
      ],
      "release_date": "2007-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_status XSS"
    },
    {
      "cve": "CVE-2007-0450",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory traversal",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#237080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat directory traversal"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-1863",
      "discovery_date": "2007-05-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244658"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_cache segfault",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1863"
        },
        {
          "category": "external",
          "summary": "RHBZ#244658",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
        }
      ],
      "release_date": "2007-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_cache segfault"
    },
    {
      "cve": "CVE-2007-3304",
      "discovery_date": "2007-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd scoreboard lack of PID protection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "RHBZ#245111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
        }
      ],
      "release_date": "2007-06-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd scoreboard lack of PID protection"
    },
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    },
    {
      "cve": "CVE-2007-3847",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2007-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: out of bounds read",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3847"
        },
        {
          "category": "external",
          "summary": "RHBZ#250731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
        }
      ],
      "release_date": "2007-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: out of bounds read"
    },
    {
      "cve": "CVE-2007-4465",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "289511"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.  NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_autoindex XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "RHBZ#289511",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
        }
      ],
      "release_date": "2007-09-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_autoindex XSS"
    },
    {
      "cve": "CVE-2007-5000",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "419931"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_imagemap XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "RHBZ#419931",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
        }
      ],
      "release_date": "2007-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_imagemap XSS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Tavis Ormandy",
            "Will Drewry"
          ]
        }
      ],
      "cve": "CVE-2007-5116",
      "discovery_date": "2007-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "323571"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl regular expression UTF parsing errors",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5116"
        },
        {
          "category": "external",
          "summary": "RHBZ#323571",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
        }
      ],
      "release_date": "2007-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl regular expression UTF parsing errors"
    },
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6388",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427228"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache mod_status cross-site scripting",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "RHBZ#427228",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
        }
      ],
      "release_date": "2007-12-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache mod_status cross-site scripting"
    },
    {
      "cve": "CVE-2008-0005",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_proxy_ftp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0005"
        },
        {
          "category": "external",
          "summary": "RHBZ#427739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
        }
      ],
      "release_date": "2008-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_proxy_ftp XSS"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    },
    {
      "cve": "CVE-2008-1232",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Cross-Site-Scripting enabled by sendError call",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "RHBZ#457597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Cross-Site-Scripting enabled by sendError call"
    },
    {
      "cve": "CVE-2008-1927",
      "discovery_date": "2008-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "443928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl: heap corruption by regular expressions with utf8 characters",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1927"
        },
        {
          "category": "external",
          "summary": "RHBZ#443928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
        }
      ],
      "release_date": "2007-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl: heap corruption by regular expressions with utf8 characters"
    },
    {
      "cve": "CVE-2008-2364",
      "discovery_date": "2008-05-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "451615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2364"
        },
        {
          "category": "external",
          "summary": "RHBZ#451615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
        }
      ],
      "release_date": "2008-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
    },
    {
      "cve": "CVE-2008-2370",
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat RequestDispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "RHBZ#457934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat RequestDispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2008-2939",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "458250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ftp globbing XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2939"
        },
        {
          "category": "external",
          "summary": "RHBZ#458250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
        }
      ],
      "release_date": "2008-08-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_proxy_ftp globbing XSS"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0023",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util heap buffer underwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0023"
        },
        {
          "category": "external",
          "summary": "RHBZ#503928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util heap buffer underwrite"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-1891",
      "discovery_date": "2009-06-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "509125"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1891"
        },
        {
          "category": "external",
          "summary": "RHBZ#509125",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
        }
      ],
      "release_date": "2009-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
    },
    {
      "cve": "CVE-2009-1955",
      "discovery_date": "2009-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504555"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util billion laughs attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1955"
        },
        {
          "category": "external",
          "summary": "RHBZ#504555",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
        }
      ],
      "release_date": "2009-06-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util billion laughs attack"
    },
    {
      "cve": "CVE-2009-1956",
      "discovery_date": "2009-06-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util single NULL byte buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1956"
        },
        {
          "category": "external",
          "summary": "RHBZ#504390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
        }
      ],
      "release_date": "2009-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util single NULL byte buffer overflow"
    },
    {
      "cve": "CVE-2009-2412",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2009-07-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "515698"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.  NOTE: some of these details are obtained from third party information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2412"
        },
        {
          "category": "external",
          "summary": "RHBZ#515698",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
        }
      ],
      "release_date": "2009-08-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
    },
    {
      "cve": "CVE-2009-3094",
      "discovery_date": "2009-09-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "521619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3094"
        },
        {
          "category": "external",
          "summary": "RHBZ#521619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
        }
      ],
      "release_date": "2009-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
    },
    {
      "cve": "CVE-2009-3095",
      "discovery_date": "2009-09-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "522209"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3095"
        },
        {
          "category": "external",
          "summary": "RHBZ#522209",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
        }
      ],
      "release_date": "2009-09-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
    },
    {
      "cve": "CVE-2009-4901",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2010-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "596426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-4901"
        },
        {
          "category": "external",
          "summary": "RHBZ#596426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
        }
      ],
      "release_date": "2010-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
    },
    {
      "cve": "CVE-2010-0407",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2010-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "596426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0407"
        },
        {
          "category": "external",
          "summary": "RHBZ#596426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
        }
      ],
      "release_date": "2010-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
    },
    {
      "cve": "CVE-2010-0434",
      "discovery_date": "2010-03-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "570171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: request header information leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#570171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
        }
      ],
      "release_date": "2009-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: request header information leak"
    }
  ]
}

VAR-200705-0688

Vulnerability from variot - Updated: 2024-07-23 19:37

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. (DoS) Vulnerabilities exist.Denial of service due to response sent in large quantities by third parties (DoS) There is a possibility of being put into a state. Attackers may exploit this issue to cause denial-of-service conditions. Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01650939 Version: 1

HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-02-02 Last Updated: 2009-02-02

Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.

References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.

RESOLUTION

HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com

Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01

HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot

HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot

HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot

MANUAL ACTIONS: Yes - Update

Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN

action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com

HP-UX B.11.23

hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN

action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com

HP-UX B.11.31

hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN

action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) 2 February 2009 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH XCe08aGCzEZj/q4n91JQnhq6 =XImF -----END PGP SIGNATURE----- .

A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939).

The updated packages have been patched to prevent these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

Updated Packages:

Mandriva Linux 2007.1: 7ba0fa98b5e5f34f2c3bb5798f300736 2007.1/i586/apache-base-2.2.4-6.5mdv2007.1.i586.rpm 82dccbbcca45d5aba2c7a9afb615ffb7 2007.1/i586/apache-devel-2.2.4-6.5mdv2007.1.i586.rpm 43c50d9ad73f39e88acf35a48915f472 2007.1/i586/apache-htcacheclean-2.2.4-6.5mdv2007.1.i586.rpm 7e7821b41de94eba4e413c4218e72f05 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.i586.rpm 82b527ca5b90f4857ece74972c34bd2b 2007.1/i586/apache-mod_cache-2.2.4-6.5mdv2007.1.i586.rpm 4bc7f0488a4c8ea05446ea04611fa671 2007.1/i586/apache-mod_dav-2.2.4-6.5mdv2007.1.i586.rpm fa53bb715a9733fc5f4ef8a18e8a1577 2007.1/i586/apache-mod_dbd-2.2.4-6.5mdv2007.1.i586.rpm d9759e97fb29783b69ee4bebba96e9d8 2007.1/i586/apache-mod_deflate-2.2.4-6.5mdv2007.1.i586.rpm 9934937a1a7fb3ab277daac03a04fd6e 2007.1/i586/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.i586.rpm 4f16a0af444be1610749287944264d1b 2007.1/i586/apache-mod_file_cache-2.2.4-6.5mdv2007.1.i586.rpm 9b1fc5ab5579bde1fbfb9ae08b18d1ec 2007.1/i586/apache-mod_ldap-2.2.4-6.5mdv2007.1.i586.rpm 9a9029063f10dd3fa81ee4eed3fe5d51 2007.1/i586/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.i586.rpm 6930a06576c337ca7ecaab2a8cf4ca59 2007.1/i586/apache-mod_proxy-2.2.4-6.5mdv2007.1.i586.rpm c7834d18c0999590abb42d3efad7a035 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.i586.rpm 641b5bc3988af4ee0f5600e2d34c1230 2007.1/i586/apache-mod_ssl-2.2.4-6.5mdv2007.1.i586.rpm af9bada6d30145bfaa58be10eec6798b 2007.1/i586/apache-modules-2.2.4-6.5mdv2007.1.i586.rpm 796296888cfb7978fbca22764de10753 2007.1/i586/apache-mod_userdir-2.2.4-6.5mdv2007.1.i586.rpm 110acb3a28bf8e911309afd7d5381950 2007.1/i586/apache-mpm-event-2.2.4-6.5mdv2007.1.i586.rpm 065949244c838c9ec8baf47e66227803 2007.1/i586/apache-mpm-itk-2.2.4-6.5mdv2007.1.i586.rpm ad0e0e109fbed8fc7be0d6b8b36c7503 2007.1/i586/apache-mpm-prefork-2.2.4-6.5mdv2007.1.i586.rpm 31ce817bb36ec93214fdb177f86096cf 2007.1/i586/apache-mpm-worker-2.2.4-6.5mdv2007.1.i586.rpm 5eba2d9af248c7107279f21cd4bde2b3 2007.1/i586/apache-source-2.2.4-6.5mdv2007.1.i586.rpm 012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64: 5997be8532eccc8f20f5c121895df248 2007.1/x86_64/apache-base-2.2.4-6.5mdv2007.1.x86_64.rpm 096a4e2f17838c847099f2dc41e4ca5a 2007.1/x86_64/apache-devel-2.2.4-6.5mdv2007.1.x86_64.rpm b4f3cd71a3683bcc4e9b1dcdabcbfdaa 2007.1/x86_64/apache-htcacheclean-2.2.4-6.5mdv2007.1.x86_64.rpm f03a92759c1159477f04890092636f27 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm 1bc914605bd0c3b05d455eeb053068e2 2007.1/x86_64/apache-mod_cache-2.2.4-6.5mdv2007.1.x86_64.rpm 3e8aaa6e0d70bdc5f439928f102a5f61 2007.1/x86_64/apache-mod_dav-2.2.4-6.5mdv2007.1.x86_64.rpm a51dabbb6220c17ecdb001cf1444e99f 2007.1/x86_64/apache-mod_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm 1252150d2fc936309c6cb9794627cc8f 2007.1/x86_64/apache-mod_deflate-2.2.4-6.5mdv2007.1.x86_64.rpm bc4878995bfe34a46419a3a6aa090d91 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.x86_64.rpm cd8b213c41d3dce5070483cf2e9d71e2 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.5mdv2007.1.x86_64.rpm ec1a79f3d6defecb3ed2dbf8d85ba98c 2007.1/x86_64/apache-mod_ldap-2.2.4-6.5mdv2007.1.x86_64.rpm 6158e3825e4b7e631f6c6eab65660aab 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.x86_64.rpm 4b01be50b5531dfd3a92189388165c7b 2007.1/x86_64/apache-mod_proxy-2.2.4-6.5mdv2007.1.x86_64.rpm 32735f0b995664e2983c3768473db144 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.x86_64.rpm a1709d589420b97e255a7f5db47e859c 2007.1/x86_64/apache-mod_ssl-2.2.4-6.5mdv2007.1.x86_64.rpm 936c34490fcc180777a3248d9970da5a 2007.1/x86_64/apache-modules-2.2.4-6.5mdv2007.1.x86_64.rpm 0364549013611e3e748a917a6269a61d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.5mdv2007.1.x86_64.rpm 2640fd4b78d98e1aa7a8d994d7610b16 2007.1/x86_64/apache-mpm-event-2.2.4-6.5mdv2007.1.x86_64.rpm 4edad0e4f3119f88d4360d5a11dd3fd4 2007.1/x86_64/apache-mpm-itk-2.2.4-6.5mdv2007.1.x86_64.rpm 6ed107f6f60a88008aa0a21d1133c78e 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.5mdv2007.1.x86_64.rpm c39136dbd1fe0d53b80ed5fb232c775b 2007.1/x86_64/apache-mpm-worker-2.2.4-6.5mdv2007.1.x86_64.rpm 46b245caca2ae8afa49d9e13122cae58 2007.1/x86_64/apache-source-2.2.4-6.5mdv2007.1.x86_64.rpm 012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm

Mandriva Linux 2008.0: 9fba06d7b75a7400faf855f0947f0ead 2008.0/i586/apache-base-2.2.6-8.2mdv2008.0.i586.rpm c560ededd59c4f2556074326363991fe 2008.0/i586/apache-devel-2.2.6-8.2mdv2008.0.i586.rpm 80cb61aff0fc88d4e88074bfaf789e0a 2008.0/i586/apache-htcacheclean-2.2.6-8.2mdv2008.0.i586.rpm 69d3778cb2452189e9586c2f517c67ff 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.i586.rpm 3b965dacd1d53c70b21bcbb45b62b4e4 2008.0/i586/apache-mod_cache-2.2.6-8.2mdv2008.0.i586.rpm 6b780e4611adb7d56bd562334f98c6ef 2008.0/i586/apache-mod_dav-2.2.6-8.2mdv2008.0.i586.rpm 148aad51fd72443d47f8afbf07943fc0 2008.0/i586/apache-mod_dbd-2.2.6-8.2mdv2008.0.i586.rpm e908b7d6220cb636d53a9989ed84337b 2008.0/i586/apache-mod_deflate-2.2.6-8.2mdv2008.0.i586.rpm 3ecc6c18d5ee2e34b6e3c770ce28199a 2008.0/i586/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.i586.rpm 7557a733237c84de3477113a80119656 2008.0/i586/apache-mod_file_cache-2.2.6-8.2mdv2008.0.i586.rpm 586a9e027e6ec327c24f231d1c2705e3 2008.0/i586/apache-mod_ldap-2.2.6-8.2mdv2008.0.i586.rpm de055c23ec9eac3ac78f6a31146db8a9 2008.0/i586/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.i586.rpm 4a32c704527fd42c97ffb8be87531363 2008.0/i586/apache-mod_proxy-2.2.6-8.2mdv2008.0.i586.rpm ad7bdc0861c42629366b0c4f0552eb0a 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.i586.rpm 0ae1b7ba57162f8ae870e08e48f0d964 2008.0/i586/apache-mod_ssl-2.2.6-8.2mdv2008.0.i586.rpm 2d848e1ee979d12c66ef10b638ebce6e 2008.0/i586/apache-modules-2.2.6-8.2mdv2008.0.i586.rpm 085e672acacd0642f2baa8bce631b26b 2008.0/i586/apache-mod_userdir-2.2.6-8.2mdv2008.0.i586.rpm 3564507283ffddfaa528991d514ce3c4 2008.0/i586/apache-mpm-event-2.2.6-8.2mdv2008.0.i586.rpm 360033e8459d52a323753246d977eb2b 2008.0/i586/apache-mpm-itk-2.2.6-8.2mdv2008.0.i586.rpm ca4c9127740d3a433087031c706878ab 2008.0/i586/apache-mpm-prefork-2.2.6-8.2mdv2008.0.i586.rpm b892724c9776743f777ebf9da44159a8 2008.0/i586/apache-mpm-worker-2.2.6-8.2mdv2008.0.i586.rpm 15cc53561ac91ba3f89af6c2057726a7 2008.0/i586/apache-source-2.2.6-8.2mdv2008.0.i586.rpm fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: f5c28f5db00c8d87e77bbe8b387c29e1 2008.0/x86_64/apache-base-2.2.6-8.2mdv2008.0.x86_64.rpm 2ea378183715ca15ead2b60c0ba6d1f3 2008.0/x86_64/apache-devel-2.2.6-8.2mdv2008.0.x86_64.rpm d15052d92f5918f47be634f052f5c8f8 2008.0/x86_64/apache-htcacheclean-2.2.6-8.2mdv2008.0.x86_64.rpm e00bae3dea071434ee63a0708f9cb2c9 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm e16ceda13087b1e924b1233fa4c58568 2008.0/x86_64/apache-mod_cache-2.2.6-8.2mdv2008.0.x86_64.rpm 86ddeb3f207a928c537a1bac4a3b59f1 2008.0/x86_64/apache-mod_dav-2.2.6-8.2mdv2008.0.x86_64.rpm 2a239f7bd6a3e74a29b69f29f217fd98 2008.0/x86_64/apache-mod_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm 6c3faec4fd23ed64ecbf508097fa948c 2008.0/x86_64/apache-mod_deflate-2.2.6-8.2mdv2008.0.x86_64.rpm 286c89f9021f2e766324f52196b6e03f 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.x86_64.rpm 480c9861c06f5b535bcd0bd87e225023 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.2mdv2008.0.x86_64.rpm 61ed284bda26162a1da185a2aedca12e 2008.0/x86_64/apache-mod_ldap-2.2.6-8.2mdv2008.0.x86_64.rpm 2c8670da45ffbff476a189f4af7eecb3 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.x86_64.rpm bee8fdde4536e497abfc7e48dd659689 2008.0/x86_64/apache-mod_proxy-2.2.6-8.2mdv2008.0.x86_64.rpm d45fe91cccf27cd403cfb2fd2f5bb5ba 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.x86_64.rpm d9becf61089cb4dc0b224e4fccb11fb4 2008.0/x86_64/apache-mod_ssl-2.2.6-8.2mdv2008.0.x86_64.rpm 62ac5f1ec4c984dce76176203f5eeb6e 2008.0/x86_64/apache-modules-2.2.6-8.2mdv2008.0.x86_64.rpm 7042049d1d0b99c1e7f46142d6993761 2008.0/x86_64/apache-mod_userdir-2.2.6-8.2mdv2008.0.x86_64.rpm bd06a8f2c4074d5722556c38c5e0dc03 2008.0/x86_64/apache-mpm-event-2.2.6-8.2mdv2008.0.x86_64.rpm 6848d1ad52463fbf9de4631b22a4dd81 2008.0/x86_64/apache-mpm-itk-2.2.6-8.2mdv2008.0.x86_64.rpm 6bc3fee77b90a73d54dba755a96f4e11 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.2mdv2008.0.x86_64.rpm e9b20462aef79d790d604da2e59cc503 2008.0/x86_64/apache-mpm-worker-2.2.6-8.2mdv2008.0.x86_64.rpm a378e191f066f819419106a65e472535 2008.0/x86_64/apache-source-2.2.6-8.2mdv2008.0.x86_64.rpm fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm

Mandriva Linux 2008.1: 19bd0997c144cfd6c0792227f97c840a 2008.1/i586/apache-base-2.2.8-6.1mdv2008.1.i586.rpm c0bc6f89d51f7aeb0a907155ce424e63 2008.1/i586/apache-devel-2.2.8-6.1mdv2008.1.i586.rpm 38019754e020560317f9e4143c31120b 2008.1/i586/apache-htcacheclean-2.2.8-6.1mdv2008.1.i586.rpm 9d4d3b487b9e4a930e0dfad6f9a86b11 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.i586.rpm dcd9a987da631e20f0af5825c7a0f4cf 2008.1/i586/apache-mod_cache-2.2.8-6.1mdv2008.1.i586.rpm 9d77821dcb46af8c01e7dd30a74fd3f5 2008.1/i586/apache-mod_dav-2.2.8-6.1mdv2008.1.i586.rpm 7ec8c8bec08a8c7812e93ae6f630d721 2008.1/i586/apache-mod_dbd-2.2.8-6.1mdv2008.1.i586.rpm 4b3f7f658ca523658fcff97884404569 2008.1/i586/apache-mod_deflate-2.2.8-6.1mdv2008.1.i586.rpm 838d9649e9f9850ff7f50a9686783958 2008.1/i586/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.i586.rpm 114c083f976c1c59f9ed2fc7865f47b9 2008.1/i586/apache-mod_file_cache-2.2.8-6.1mdv2008.1.i586.rpm efc293cd668271a0131d84a9776e7cb4 2008.1/i586/apache-mod_ldap-2.2.8-6.1mdv2008.1.i586.rpm e1e2413f175fa207ffb8d5ce2903439f 2008.1/i586/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.i586.rpm 80e42fb54b7c926bd4ae6c8869bfe2b4 2008.1/i586/apache-mod_proxy-2.2.8-6.1mdv2008.1.i586.rpm b14cb1c38ff72f65af3dc26f419248b2 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.i586.rpm 222d326db8d3d9c7ff49a5edf54ad460 2008.1/i586/apache-mod_ssl-2.2.8-6.1mdv2008.1.i586.rpm 8d4d65f206604150103a767559ce4ac0 2008.1/i586/apache-modules-2.2.8-6.1mdv2008.1.i586.rpm a02bf7d7cd6cb86b24728055f31e00e8 2008.1/i586/apache-mod_userdir-2.2.8-6.1mdv2008.1.i586.rpm 762b5a44d6ab770663e7802db5880c5c 2008.1/i586/apache-mpm-event-2.2.8-6.1mdv2008.1.i586.rpm 1ad89877cf9e1d19c9c0ae31da79cc4b 2008.1/i586/apache-mpm-itk-2.2.8-6.1mdv2008.1.i586.rpm 9e88d760212153696531a36e44e599da 2008.1/i586/apache-mpm-prefork-2.2.8-6.1mdv2008.1.i586.rpm f50d7edde588f2439aa4e831a63c35d7 2008.1/i586/apache-mpm-worker-2.2.8-6.1mdv2008.1.i586.rpm a9f60a580681ac55bc61ae250326dc6a 2008.1/i586/apache-source-2.2.8-6.1mdv2008.1.i586.rpm ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64: 7aafb608166a15e6373c11011e72117d 2008.1/x86_64/apache-base-2.2.8-6.1mdv2008.1.x86_64.rpm 9c39fe151fc9261c77fc5484f793358d 2008.1/x86_64/apache-devel-2.2.8-6.1mdv2008.1.x86_64.rpm d5dd9482dbfed961af363261f769a136 2008.1/x86_64/apache-htcacheclean-2.2.8-6.1mdv2008.1.x86_64.rpm a839a342ce15d6076907fa85b652ac45 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm c1cdf8ea93464f350cd5a97282a963a8 2008.1/x86_64/apache-mod_cache-2.2.8-6.1mdv2008.1.x86_64.rpm 0ebe3595df3974b090e1e41653a61ac8 2008.1/x86_64/apache-mod_dav-2.2.8-6.1mdv2008.1.x86_64.rpm 50d80ef4989cecf6d9b4d3a36e91c3f8 2008.1/x86_64/apache-mod_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm 89badb88265d34c6b4dafcbd7240618d 2008.1/x86_64/apache-mod_deflate-2.2.8-6.1mdv2008.1.x86_64.rpm 6814c312ec71fa619e1533f08ed3d1fa 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.x86_64.rpm ea7900772a2a78ba4913c41762c39069 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.1mdv2008.1.x86_64.rpm b146eaeb311a6107d51413bc29d70315 2008.1/x86_64/apache-mod_ldap-2.2.8-6.1mdv2008.1.x86_64.rpm 7198b641d46ea2f24664c4a9d02b9063 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.x86_64.rpm e04cdfbbad417123adae10cf13a2b626 2008.1/x86_64/apache-mod_proxy-2.2.8-6.1mdv2008.1.x86_64.rpm 8f9a04efe7760b08220b27f1cabd8a49 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.x86_64.rpm 8ed701d6c742a5e60196653f79989a8a 2008.1/x86_64/apache-mod_ssl-2.2.8-6.1mdv2008.1.x86_64.rpm 3beb942d20bf63c2bc8cef202ef0e0aa 2008.1/x86_64/apache-modules-2.2.8-6.1mdv2008.1.x86_64.rpm fd40ed97d50b583c7f21a686d8146c7d 2008.1/x86_64/apache-mod_userdir-2.2.8-6.1mdv2008.1.x86_64.rpm f7451170b9c2c7f3f55a0d44567bebfe 2008.1/x86_64/apache-mpm-event-2.2.8-6.1mdv2008.1.x86_64.rpm 6e1b59583a15313f8dbf347170ec581d 2008.1/x86_64/apache-mpm-itk-2.2.8-6.1mdv2008.1.x86_64.rpm b60967808f886fc4444054fe4ba685fd 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.1mdv2008.1.x86_64.rpm 0ab90ebae3fcfd1fa809e62e546222db 2008.1/x86_64/apache-mpm-worker-2.2.8-6.1mdv2008.1.x86_64.rpm 7726d40130eb5a14d8cf272cd08f7485 2008.1/x86_64/apache-source-2.2.8-6.1mdv2008.1.x86_64.rpm ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm

Corporate 4.0: b59bbaecc0f3c6301bee564c2862430a corporate/4.0/i586/apache-base-2.2.3-1.4.20060mlcs4.i586.rpm b3141af91788ac68afd1cfb34426cec3 corporate/4.0/i586/apache-devel-2.2.3-1.4.20060mlcs4.i586.rpm 309db27fc902b7eb77e0fd2b5e03359f corporate/4.0/i586/apache-htcacheclean-2.2.3-1.4.20060mlcs4.i586.rpm 8e7d56d01a51b7239b080765fd858088 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.i586.rpm 8e6bd8c3a89f5f277fb56e60b37bb6a9 corporate/4.0/i586/apache-mod_cache-2.2.3-1.4.20060mlcs4.i586.rpm fd99c7e58d56eb14a0e94c27edb2daf2 corporate/4.0/i586/apache-mod_dav-2.2.3-1.4.20060mlcs4.i586.rpm 75968093eca9011dd115d948c44f29ba corporate/4.0/i586/apache-mod_dbd-2.2.3-1.4.20060mlcs4.i586.rpm ba5118b4c1caa7e4b75229b5643b06b9 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.4.20060mlcs4.i586.rpm abb27116fae7ff7d319516c0f9a0a5e4 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.i586.rpm e1bb6ed7fb0fbb39f762a932f34dc67b corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.i586.rpm a3d85c92d66a0ca0ed6dc6a6c6df23b4 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.4.20060mlcs4.i586.rpm eca828a6bd374d98af6fd785aa6970af corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.i586.rpm 8e28a95bd7f655c5b98c7405ca74de18 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.4.20060mlcs4.i586.rpm 23a2687957dae00dadc44b864032a838 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.i586.rpm a4a143aa2f9f8b1d3cedf68429a90fa4 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.4.20060mlcs4.i586.rpm 779cf371acd7012ac1acfaac0062a38a corporate/4.0/i586/apache-modules-2.2.3-1.4.20060mlcs4.i586.rpm e1a8927f0cfd3a08ca2af42ebc64932e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.4.20060mlcs4.i586.rpm 3415eea7176bb392b87540c2bfcfed2b corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.i586.rpm 9b79811544ad30fd91608d5839b521eb corporate/4.0/i586/apache-mpm-worker-2.2.3-1.4.20060mlcs4.i586.rpm 1403616f0ba1cbcc552f7e33a32b303f corporate/4.0/i586/apache-source-2.2.3-1.4.20060mlcs4.i586.rpm fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64: e46ce6fe84b67d3d6caf6782d9352555 corporate/4.0/x86_64/apache-base-2.2.3-1.4.20060mlcs4.x86_64.rpm 5b1993dca50465213ca285d3fc38bc07 corporate/4.0/x86_64/apache-devel-2.2.3-1.4.20060mlcs4.x86_64.rpm 7076dbe94461207aa2399b887e6b669f corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.4.20060mlcs4.x86_64.rpm e51acf392e315892cfc60ef342b3e9f0 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm 270e619d353fa9348b2d5713e660bb69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm 8e8ae8e260b69d7150c6d7f8162eb261 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.4.20060mlcs4.x86_64.rpm 11fc6ca48580398733c9c26c6097aeb8 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm 6750c2039c64dd866146d240f06b302f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.4.20060mlcs4.x86_64.rpm 0c7db97343700984a02d6365069bfbd5 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm d60aa90ac7a459f237a6c0ed190b0ea1 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm 873b63a672417971078076a5e3e4f363 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.4.20060mlcs4.x86_64.rpm d964415079d86d6c6ff78381e3dfe8ef corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm c014bede921593c1035d8a1488909ab9 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.4.20060mlcs4.x86_64.rpm d4469077e683ea2a034bfb35be9ca8f6 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.x86_64.rpm 35638d36e7c4832f70460294ef496d33 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.4.20060mlcs4.x86_64.rpm de62531cfcf279b966c08940df7dc298 corporate/4.0/x86_64/apache-modules-2.2.3-1.4.20060mlcs4.x86_64.rpm a44db8a0824aa8ec654338640e30e14c corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.4.20060mlcs4.x86_64.rpm be326111f9e8dd9fb0a9a7699f7f99dd corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.x86_64.rpm 3b29042dd082e4f0f8e04fbff2f14c23 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.4.20060mlcs4.x86_64.rpm 576aed8c357f707db0e488e13b68834c corporate/4.0/x86_64/apache-source-2.2.3-1.4.20060mlcs4.x86_64.rpm fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIzBUvmqjQ0CJFipgRApHOAKCvASwDjqj110UnAsle/Jtgw9VwhwCg7zVf 0jg30niEBGmySzuHETORyts= =wMau -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

This update also provides HTTP/1.1 compliance fixes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-06

                                        http://security.gentoo.org/

Severity: Normal Title: Apache: Denial of Service Date: July 09, 2008 Bugs: #222643, #227111 ID: 200807-06

Synopsis

Multiple vulnerabilities in Apache might lead to a Denial of Service.

Affected packages

-------------------------------------------------------------------
 Package             /  Vulnerable  /                   Unaffected
-------------------------------------------------------------------

1 www-servers/apache < 2.2.9 >= 2.2.9

Description

Multiple vulnerabilities have been discovered in Apache:

Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678).
sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).

Impact

A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially-crafted URL, resulting in a Denial of Service of the Apache daemon.

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"

References

[ 1 ] CVE-2007-6420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420 [ 2 ] CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 [ 3 ] CVE-2008-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200807-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: Hitachi Web Server Reverse Proxy Denial of Service

SECUNIA ADVISORY ID: SA35771

VERIFY ADVISORY: http://secunia.com/advisories/35771/

DESCRIPTION: A vulnerability has been reported in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error, which can be exploited to cause a high memory usage when the application is used as a reverse proxy.

Please see the vendor's advisory for a full list of affected products.

SOLUTION: Update to a fixed version. See vendor advisory for details.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html

OTHER REFERENCES: http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

References: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0688",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "apache",
        "version": "2.0.64"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.9"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "8"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "8.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "http server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "6.06"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.7"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "9"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "http server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.35"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "7.10"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.2"
      },
      {
        "model": "http server",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.2.8"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.0.47.x"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "version 6.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "version 6.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.5"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.5"
      },
      {
        "model": "http server",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux fuji",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux multimedia",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux personal",
        "scope": null,
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": null
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11 (x64)"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.0.63"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.2.8"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "7.10"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11x64"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "11"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "10.0.0x64"
      },
      {
        "model": "personal",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "multimedia",
        "scope": null,
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": null
      },
      {
        "model": "fuji",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "0"
      },
      {
        "model": "appliance server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "turbolinux",
        "version": "2.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "appliance platform linux service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "certificate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "application stack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "v20"
      },
      {
        "model": "hat enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "4"
      },
      {
        "model": "hat enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "3"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.3.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.7"
      },
      {
        "model": "http server roll up",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.22"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.2"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0.2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.5"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.4"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.1.3"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.5"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2007.1"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "os/400 v5r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "i5/os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.17"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.15"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.13"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "business availability center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.01"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.2"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio standard-j edition b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.2"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition 9.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage application server enterprise edition b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition 9.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.2.5"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.2.4"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.5"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.4"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "software foundation apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.8"
      },
      {
        "model": "software foundation apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.63"
      },
      {
        "model": "http server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.19"
      },
      {
        "model": "coat systems director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.5.2.3"
      },
      {
        "model": "software foundation apache",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "29653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.64",
                "versionStartIncluding": "2.0.35",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.9",
                "versionStartIncluding": "2.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ryujiro Shibuya",
    "sources": [
      {
        "db": "BID",
        "id": "29653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-2364",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-2364",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-2364",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200806-186",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2008-2364",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. (DoS) Vulnerabilities exist.Denial of service due to response sent in large quantities by third parties (DoS) There is a possibility of being put into a state. \nAttackers may exploit this issue to cause denial-of-service conditions. \nReportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference                         Base Vector               Base Score \nCVE-2007-6420     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      4.3\nCVE-2008-1232     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      4.3\nCVE-2008-1947     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      4.3\nCVE-2008-2364     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      5.0\nCVE-2008-2370     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      5.0\nCVE-2008-2938     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      4.3\nCVE-2008-2939     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      4.3\nCVE-2008-3658     (AV:N/AC:M/Au:N/C:N/I:P/A:N)      7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH\nXCe08aGCzEZj/q4n91JQnhq6\n=XImF\n-----END PGP SIGNATURE-----\n. \n \n A cross-site scripting vulnerability was found in the mod_proxy_ftp\n module in Apache that allowed remote attackers to inject arbitrary\n web script or HTML via wildcards in a pathname in an FTP URI\n (CVE-2008-2939). \n \n The updated packages have been patched to prevent these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2007.1:\n 7ba0fa98b5e5f34f2c3bb5798f300736  2007.1/i586/apache-base-2.2.4-6.5mdv2007.1.i586.rpm\n 82dccbbcca45d5aba2c7a9afb615ffb7  2007.1/i586/apache-devel-2.2.4-6.5mdv2007.1.i586.rpm\n 43c50d9ad73f39e88acf35a48915f472  2007.1/i586/apache-htcacheclean-2.2.4-6.5mdv2007.1.i586.rpm\n 7e7821b41de94eba4e413c4218e72f05  2007.1/i586/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.i586.rpm\n 82b527ca5b90f4857ece74972c34bd2b  2007.1/i586/apache-mod_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 4bc7f0488a4c8ea05446ea04611fa671  2007.1/i586/apache-mod_dav-2.2.4-6.5mdv2007.1.i586.rpm\n fa53bb715a9733fc5f4ef8a18e8a1577  2007.1/i586/apache-mod_dbd-2.2.4-6.5mdv2007.1.i586.rpm\n d9759e97fb29783b69ee4bebba96e9d8  2007.1/i586/apache-mod_deflate-2.2.4-6.5mdv2007.1.i586.rpm\n 9934937a1a7fb3ab277daac03a04fd6e  2007.1/i586/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 4f16a0af444be1610749287944264d1b  2007.1/i586/apache-mod_file_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 9b1fc5ab5579bde1fbfb9ae08b18d1ec  2007.1/i586/apache-mod_ldap-2.2.4-6.5mdv2007.1.i586.rpm\n 9a9029063f10dd3fa81ee4eed3fe5d51  2007.1/i586/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 6930a06576c337ca7ecaab2a8cf4ca59  2007.1/i586/apache-mod_proxy-2.2.4-6.5mdv2007.1.i586.rpm\n c7834d18c0999590abb42d3efad7a035  2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.i586.rpm\n 641b5bc3988af4ee0f5600e2d34c1230  2007.1/i586/apache-mod_ssl-2.2.4-6.5mdv2007.1.i586.rpm\n af9bada6d30145bfaa58be10eec6798b  2007.1/i586/apache-modules-2.2.4-6.5mdv2007.1.i586.rpm\n 796296888cfb7978fbca22764de10753  2007.1/i586/apache-mod_userdir-2.2.4-6.5mdv2007.1.i586.rpm\n 110acb3a28bf8e911309afd7d5381950  2007.1/i586/apache-mpm-event-2.2.4-6.5mdv2007.1.i586.rpm\n 065949244c838c9ec8baf47e66227803  2007.1/i586/apache-mpm-itk-2.2.4-6.5mdv2007.1.i586.rpm\n ad0e0e109fbed8fc7be0d6b8b36c7503  2007.1/i586/apache-mpm-prefork-2.2.4-6.5mdv2007.1.i586.rpm\n 31ce817bb36ec93214fdb177f86096cf  2007.1/i586/apache-mpm-worker-2.2.4-6.5mdv2007.1.i586.rpm\n 5eba2d9af248c7107279f21cd4bde2b3  2007.1/i586/apache-source-2.2.4-6.5mdv2007.1.i586.rpm \n 012cdfd939633fa3feae44c7d7bec736  2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 5997be8532eccc8f20f5c121895df248  2007.1/x86_64/apache-base-2.2.4-6.5mdv2007.1.x86_64.rpm\n 096a4e2f17838c847099f2dc41e4ca5a  2007.1/x86_64/apache-devel-2.2.4-6.5mdv2007.1.x86_64.rpm\n b4f3cd71a3683bcc4e9b1dcdabcbfdaa  2007.1/x86_64/apache-htcacheclean-2.2.4-6.5mdv2007.1.x86_64.rpm\n f03a92759c1159477f04890092636f27  2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm\n 1bc914605bd0c3b05d455eeb053068e2  2007.1/x86_64/apache-mod_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n 3e8aaa6e0d70bdc5f439928f102a5f61  2007.1/x86_64/apache-mod_dav-2.2.4-6.5mdv2007.1.x86_64.rpm\n a51dabbb6220c17ecdb001cf1444e99f  2007.1/x86_64/apache-mod_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm\n 1252150d2fc936309c6cb9794627cc8f  2007.1/x86_64/apache-mod_deflate-2.2.4-6.5mdv2007.1.x86_64.rpm\n bc4878995bfe34a46419a3a6aa090d91  2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n cd8b213c41d3dce5070483cf2e9d71e2  2007.1/x86_64/apache-mod_file_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n ec1a79f3d6defecb3ed2dbf8d85ba98c  2007.1/x86_64/apache-mod_ldap-2.2.4-6.5mdv2007.1.x86_64.rpm\n 6158e3825e4b7e631f6c6eab65660aab  2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n 4b01be50b5531dfd3a92189388165c7b  2007.1/x86_64/apache-mod_proxy-2.2.4-6.5mdv2007.1.x86_64.rpm\n 32735f0b995664e2983c3768473db144  2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.x86_64.rpm\n a1709d589420b97e255a7f5db47e859c  2007.1/x86_64/apache-mod_ssl-2.2.4-6.5mdv2007.1.x86_64.rpm\n 936c34490fcc180777a3248d9970da5a  2007.1/x86_64/apache-modules-2.2.4-6.5mdv2007.1.x86_64.rpm\n 0364549013611e3e748a917a6269a61d  2007.1/x86_64/apache-mod_userdir-2.2.4-6.5mdv2007.1.x86_64.rpm\n 2640fd4b78d98e1aa7a8d994d7610b16  2007.1/x86_64/apache-mpm-event-2.2.4-6.5mdv2007.1.x86_64.rpm\n 4edad0e4f3119f88d4360d5a11dd3fd4  2007.1/x86_64/apache-mpm-itk-2.2.4-6.5mdv2007.1.x86_64.rpm\n 6ed107f6f60a88008aa0a21d1133c78e  2007.1/x86_64/apache-mpm-prefork-2.2.4-6.5mdv2007.1.x86_64.rpm\n c39136dbd1fe0d53b80ed5fb232c775b  2007.1/x86_64/apache-mpm-worker-2.2.4-6.5mdv2007.1.x86_64.rpm\n 46b245caca2ae8afa49d9e13122cae58  2007.1/x86_64/apache-source-2.2.4-6.5mdv2007.1.x86_64.rpm \n 012cdfd939633fa3feae44c7d7bec736  2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 9fba06d7b75a7400faf855f0947f0ead  2008.0/i586/apache-base-2.2.6-8.2mdv2008.0.i586.rpm\n c560ededd59c4f2556074326363991fe  2008.0/i586/apache-devel-2.2.6-8.2mdv2008.0.i586.rpm\n 80cb61aff0fc88d4e88074bfaf789e0a  2008.0/i586/apache-htcacheclean-2.2.6-8.2mdv2008.0.i586.rpm\n 69d3778cb2452189e9586c2f517c67ff  2008.0/i586/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.i586.rpm\n 3b965dacd1d53c70b21bcbb45b62b4e4  2008.0/i586/apache-mod_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 6b780e4611adb7d56bd562334f98c6ef  2008.0/i586/apache-mod_dav-2.2.6-8.2mdv2008.0.i586.rpm\n 148aad51fd72443d47f8afbf07943fc0  2008.0/i586/apache-mod_dbd-2.2.6-8.2mdv2008.0.i586.rpm\n e908b7d6220cb636d53a9989ed84337b  2008.0/i586/apache-mod_deflate-2.2.6-8.2mdv2008.0.i586.rpm\n 3ecc6c18d5ee2e34b6e3c770ce28199a  2008.0/i586/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 7557a733237c84de3477113a80119656  2008.0/i586/apache-mod_file_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 586a9e027e6ec327c24f231d1c2705e3  2008.0/i586/apache-mod_ldap-2.2.6-8.2mdv2008.0.i586.rpm\n de055c23ec9eac3ac78f6a31146db8a9  2008.0/i586/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 4a32c704527fd42c97ffb8be87531363  2008.0/i586/apache-mod_proxy-2.2.6-8.2mdv2008.0.i586.rpm\n ad7bdc0861c42629366b0c4f0552eb0a  2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.i586.rpm\n 0ae1b7ba57162f8ae870e08e48f0d964  2008.0/i586/apache-mod_ssl-2.2.6-8.2mdv2008.0.i586.rpm\n 2d848e1ee979d12c66ef10b638ebce6e  2008.0/i586/apache-modules-2.2.6-8.2mdv2008.0.i586.rpm\n 085e672acacd0642f2baa8bce631b26b  2008.0/i586/apache-mod_userdir-2.2.6-8.2mdv2008.0.i586.rpm\n 3564507283ffddfaa528991d514ce3c4  2008.0/i586/apache-mpm-event-2.2.6-8.2mdv2008.0.i586.rpm\n 360033e8459d52a323753246d977eb2b  2008.0/i586/apache-mpm-itk-2.2.6-8.2mdv2008.0.i586.rpm\n ca4c9127740d3a433087031c706878ab  2008.0/i586/apache-mpm-prefork-2.2.6-8.2mdv2008.0.i586.rpm\n b892724c9776743f777ebf9da44159a8  2008.0/i586/apache-mpm-worker-2.2.6-8.2mdv2008.0.i586.rpm\n 15cc53561ac91ba3f89af6c2057726a7  2008.0/i586/apache-source-2.2.6-8.2mdv2008.0.i586.rpm \n fb2e547dc2b02b0d55384751729d8c2a  2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n f5c28f5db00c8d87e77bbe8b387c29e1  2008.0/x86_64/apache-base-2.2.6-8.2mdv2008.0.x86_64.rpm\n 2ea378183715ca15ead2b60c0ba6d1f3  2008.0/x86_64/apache-devel-2.2.6-8.2mdv2008.0.x86_64.rpm\n d15052d92f5918f47be634f052f5c8f8  2008.0/x86_64/apache-htcacheclean-2.2.6-8.2mdv2008.0.x86_64.rpm\n e00bae3dea071434ee63a0708f9cb2c9  2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm\n e16ceda13087b1e924b1233fa4c58568  2008.0/x86_64/apache-mod_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n 86ddeb3f207a928c537a1bac4a3b59f1  2008.0/x86_64/apache-mod_dav-2.2.6-8.2mdv2008.0.x86_64.rpm\n 2a239f7bd6a3e74a29b69f29f217fd98  2008.0/x86_64/apache-mod_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm\n 6c3faec4fd23ed64ecbf508097fa948c  2008.0/x86_64/apache-mod_deflate-2.2.6-8.2mdv2008.0.x86_64.rpm\n 286c89f9021f2e766324f52196b6e03f  2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n 480c9861c06f5b535bcd0bd87e225023  2008.0/x86_64/apache-mod_file_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n 61ed284bda26162a1da185a2aedca12e  2008.0/x86_64/apache-mod_ldap-2.2.6-8.2mdv2008.0.x86_64.rpm\n 2c8670da45ffbff476a189f4af7eecb3  2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n bee8fdde4536e497abfc7e48dd659689  2008.0/x86_64/apache-mod_proxy-2.2.6-8.2mdv2008.0.x86_64.rpm\n d45fe91cccf27cd403cfb2fd2f5bb5ba  2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.x86_64.rpm\n d9becf61089cb4dc0b224e4fccb11fb4  2008.0/x86_64/apache-mod_ssl-2.2.6-8.2mdv2008.0.x86_64.rpm\n 62ac5f1ec4c984dce76176203f5eeb6e  2008.0/x86_64/apache-modules-2.2.6-8.2mdv2008.0.x86_64.rpm\n 7042049d1d0b99c1e7f46142d6993761  2008.0/x86_64/apache-mod_userdir-2.2.6-8.2mdv2008.0.x86_64.rpm\n bd06a8f2c4074d5722556c38c5e0dc03  2008.0/x86_64/apache-mpm-event-2.2.6-8.2mdv2008.0.x86_64.rpm\n 6848d1ad52463fbf9de4631b22a4dd81  2008.0/x86_64/apache-mpm-itk-2.2.6-8.2mdv2008.0.x86_64.rpm\n 6bc3fee77b90a73d54dba755a96f4e11  2008.0/x86_64/apache-mpm-prefork-2.2.6-8.2mdv2008.0.x86_64.rpm\n e9b20462aef79d790d604da2e59cc503  2008.0/x86_64/apache-mpm-worker-2.2.6-8.2mdv2008.0.x86_64.rpm\n a378e191f066f819419106a65e472535  2008.0/x86_64/apache-source-2.2.6-8.2mdv2008.0.x86_64.rpm \n fb2e547dc2b02b0d55384751729d8c2a  2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 19bd0997c144cfd6c0792227f97c840a  2008.1/i586/apache-base-2.2.8-6.1mdv2008.1.i586.rpm\n c0bc6f89d51f7aeb0a907155ce424e63  2008.1/i586/apache-devel-2.2.8-6.1mdv2008.1.i586.rpm\n 38019754e020560317f9e4143c31120b  2008.1/i586/apache-htcacheclean-2.2.8-6.1mdv2008.1.i586.rpm\n 9d4d3b487b9e4a930e0dfad6f9a86b11  2008.1/i586/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.i586.rpm\n dcd9a987da631e20f0af5825c7a0f4cf  2008.1/i586/apache-mod_cache-2.2.8-6.1mdv2008.1.i586.rpm\n 9d77821dcb46af8c01e7dd30a74fd3f5  2008.1/i586/apache-mod_dav-2.2.8-6.1mdv2008.1.i586.rpm\n 7ec8c8bec08a8c7812e93ae6f630d721  2008.1/i586/apache-mod_dbd-2.2.8-6.1mdv2008.1.i586.rpm\n 4b3f7f658ca523658fcff97884404569  2008.1/i586/apache-mod_deflate-2.2.8-6.1mdv2008.1.i586.rpm\n 838d9649e9f9850ff7f50a9686783958  2008.1/i586/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.i586.rpm\n 114c083f976c1c59f9ed2fc7865f47b9  2008.1/i586/apache-mod_file_cache-2.2.8-6.1mdv2008.1.i586.rpm\n efc293cd668271a0131d84a9776e7cb4  2008.1/i586/apache-mod_ldap-2.2.8-6.1mdv2008.1.i586.rpm\n e1e2413f175fa207ffb8d5ce2903439f  2008.1/i586/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.i586.rpm\n 80e42fb54b7c926bd4ae6c8869bfe2b4  2008.1/i586/apache-mod_proxy-2.2.8-6.1mdv2008.1.i586.rpm\n b14cb1c38ff72f65af3dc26f419248b2  2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.i586.rpm\n 222d326db8d3d9c7ff49a5edf54ad460  2008.1/i586/apache-mod_ssl-2.2.8-6.1mdv2008.1.i586.rpm\n 8d4d65f206604150103a767559ce4ac0  2008.1/i586/apache-modules-2.2.8-6.1mdv2008.1.i586.rpm\n a02bf7d7cd6cb86b24728055f31e00e8  2008.1/i586/apache-mod_userdir-2.2.8-6.1mdv2008.1.i586.rpm\n 762b5a44d6ab770663e7802db5880c5c  2008.1/i586/apache-mpm-event-2.2.8-6.1mdv2008.1.i586.rpm\n 1ad89877cf9e1d19c9c0ae31da79cc4b  2008.1/i586/apache-mpm-itk-2.2.8-6.1mdv2008.1.i586.rpm\n 9e88d760212153696531a36e44e599da  2008.1/i586/apache-mpm-prefork-2.2.8-6.1mdv2008.1.i586.rpm\n f50d7edde588f2439aa4e831a63c35d7  2008.1/i586/apache-mpm-worker-2.2.8-6.1mdv2008.1.i586.rpm\n a9f60a580681ac55bc61ae250326dc6a  2008.1/i586/apache-source-2.2.8-6.1mdv2008.1.i586.rpm \n ffe7ace0a88205f764b21be6cf4ed2e1  2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 7aafb608166a15e6373c11011e72117d  2008.1/x86_64/apache-base-2.2.8-6.1mdv2008.1.x86_64.rpm\n 9c39fe151fc9261c77fc5484f793358d  2008.1/x86_64/apache-devel-2.2.8-6.1mdv2008.1.x86_64.rpm\n d5dd9482dbfed961af363261f769a136  2008.1/x86_64/apache-htcacheclean-2.2.8-6.1mdv2008.1.x86_64.rpm\n a839a342ce15d6076907fa85b652ac45  2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm\n c1cdf8ea93464f350cd5a97282a963a8  2008.1/x86_64/apache-mod_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n 0ebe3595df3974b090e1e41653a61ac8  2008.1/x86_64/apache-mod_dav-2.2.8-6.1mdv2008.1.x86_64.rpm\n 50d80ef4989cecf6d9b4d3a36e91c3f8  2008.1/x86_64/apache-mod_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm\n 89badb88265d34c6b4dafcbd7240618d  2008.1/x86_64/apache-mod_deflate-2.2.8-6.1mdv2008.1.x86_64.rpm\n 6814c312ec71fa619e1533f08ed3d1fa  2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n ea7900772a2a78ba4913c41762c39069  2008.1/x86_64/apache-mod_file_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n b146eaeb311a6107d51413bc29d70315  2008.1/x86_64/apache-mod_ldap-2.2.8-6.1mdv2008.1.x86_64.rpm\n 7198b641d46ea2f24664c4a9d02b9063  2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n e04cdfbbad417123adae10cf13a2b626  2008.1/x86_64/apache-mod_proxy-2.2.8-6.1mdv2008.1.x86_64.rpm\n 8f9a04efe7760b08220b27f1cabd8a49  2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.x86_64.rpm\n 8ed701d6c742a5e60196653f79989a8a  2008.1/x86_64/apache-mod_ssl-2.2.8-6.1mdv2008.1.x86_64.rpm\n 3beb942d20bf63c2bc8cef202ef0e0aa  2008.1/x86_64/apache-modules-2.2.8-6.1mdv2008.1.x86_64.rpm\n fd40ed97d50b583c7f21a686d8146c7d  2008.1/x86_64/apache-mod_userdir-2.2.8-6.1mdv2008.1.x86_64.rpm\n f7451170b9c2c7f3f55a0d44567bebfe  2008.1/x86_64/apache-mpm-event-2.2.8-6.1mdv2008.1.x86_64.rpm\n 6e1b59583a15313f8dbf347170ec581d  2008.1/x86_64/apache-mpm-itk-2.2.8-6.1mdv2008.1.x86_64.rpm\n b60967808f886fc4444054fe4ba685fd  2008.1/x86_64/apache-mpm-prefork-2.2.8-6.1mdv2008.1.x86_64.rpm\n 0ab90ebae3fcfd1fa809e62e546222db  2008.1/x86_64/apache-mpm-worker-2.2.8-6.1mdv2008.1.x86_64.rpm\n 7726d40130eb5a14d8cf272cd08f7485  2008.1/x86_64/apache-source-2.2.8-6.1mdv2008.1.x86_64.rpm \n ffe7ace0a88205f764b21be6cf4ed2e1  2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm\n\n Corporate 4.0:\n b59bbaecc0f3c6301bee564c2862430a  corporate/4.0/i586/apache-base-2.2.3-1.4.20060mlcs4.i586.rpm\n b3141af91788ac68afd1cfb34426cec3  corporate/4.0/i586/apache-devel-2.2.3-1.4.20060mlcs4.i586.rpm\n 309db27fc902b7eb77e0fd2b5e03359f  corporate/4.0/i586/apache-htcacheclean-2.2.3-1.4.20060mlcs4.i586.rpm\n 8e7d56d01a51b7239b080765fd858088  corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.i586.rpm\n 8e6bd8c3a89f5f277fb56e60b37bb6a9  corporate/4.0/i586/apache-mod_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n fd99c7e58d56eb14a0e94c27edb2daf2  corporate/4.0/i586/apache-mod_dav-2.2.3-1.4.20060mlcs4.i586.rpm\n 75968093eca9011dd115d948c44f29ba  corporate/4.0/i586/apache-mod_dbd-2.2.3-1.4.20060mlcs4.i586.rpm\n ba5118b4c1caa7e4b75229b5643b06b9  corporate/4.0/i586/apache-mod_deflate-2.2.3-1.4.20060mlcs4.i586.rpm\n abb27116fae7ff7d319516c0f9a0a5e4  corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n e1bb6ed7fb0fbb39f762a932f34dc67b  corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n a3d85c92d66a0ca0ed6dc6a6c6df23b4  corporate/4.0/i586/apache-mod_ldap-2.2.3-1.4.20060mlcs4.i586.rpm\n eca828a6bd374d98af6fd785aa6970af  corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n 8e28a95bd7f655c5b98c7405ca74de18  corporate/4.0/i586/apache-mod_proxy-2.2.3-1.4.20060mlcs4.i586.rpm\n 23a2687957dae00dadc44b864032a838  corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.i586.rpm\n a4a143aa2f9f8b1d3cedf68429a90fa4  corporate/4.0/i586/apache-mod_ssl-2.2.3-1.4.20060mlcs4.i586.rpm\n 779cf371acd7012ac1acfaac0062a38a  corporate/4.0/i586/apache-modules-2.2.3-1.4.20060mlcs4.i586.rpm\n e1a8927f0cfd3a08ca2af42ebc64932e  corporate/4.0/i586/apache-mod_userdir-2.2.3-1.4.20060mlcs4.i586.rpm\n 3415eea7176bb392b87540c2bfcfed2b  corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.i586.rpm\n 9b79811544ad30fd91608d5839b521eb  corporate/4.0/i586/apache-mpm-worker-2.2.3-1.4.20060mlcs4.i586.rpm\n 1403616f0ba1cbcc552f7e33a32b303f  corporate/4.0/i586/apache-source-2.2.3-1.4.20060mlcs4.i586.rpm \n fdda31ac2d27f5fe856746719b3ae87a  corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n e46ce6fe84b67d3d6caf6782d9352555  corporate/4.0/x86_64/apache-base-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 5b1993dca50465213ca285d3fc38bc07  corporate/4.0/x86_64/apache-devel-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 7076dbe94461207aa2399b887e6b669f  corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.4.20060mlcs4.x86_64.rpm\n e51acf392e315892cfc60ef342b3e9f0  corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 270e619d353fa9348b2d5713e660bb69  corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 8e8ae8e260b69d7150c6d7f8162eb261  corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 11fc6ca48580398733c9c26c6097aeb8  corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 6750c2039c64dd866146d240f06b302f  corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 0c7db97343700984a02d6365069bfbd5  corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n d60aa90ac7a459f237a6c0ed190b0ea1  corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 873b63a672417971078076a5e3e4f363  corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.4.20060mlcs4.x86_64.rpm\n d964415079d86d6c6ff78381e3dfe8ef  corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n c014bede921593c1035d8a1488909ab9  corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.4.20060mlcs4.x86_64.rpm\n d4469077e683ea2a034bfb35be9ca8f6  corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 35638d36e7c4832f70460294ef496d33  corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.4.20060mlcs4.x86_64.rpm\n de62531cfcf279b966c08940df7dc298  corporate/4.0/x86_64/apache-modules-2.2.3-1.4.20060mlcs4.x86_64.rpm\n a44db8a0824aa8ec654338640e30e14c  corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.4.20060mlcs4.x86_64.rpm\n be326111f9e8dd9fb0a9a7699f7f99dd  corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 3b29042dd082e4f0f8e04fbff2f14c23  corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 576aed8c357f707db0e488e13b68834c  corporate/4.0/x86_64/apache-source-2.2.3-1.4.20060mlcs4.x86_64.rpm \n fdda31ac2d27f5fe856746719b3ae87a  corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIzBUvmqjQ0CJFipgRApHOAKCvASwDjqj110UnAsle/Jtgw9VwhwCg7zVf\n0jg30niEBGmySzuHETORyts=\n=wMau\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n \n This update also provides HTTP/1.1 compliance fixes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200807-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: Apache: Denial of Service\n      Date: July 09, 2008\n      Bugs: #222643, #227111\n        ID: 200807-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Apache might lead to a Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package             /  Vulnerable  /                   Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/apache       \u003c 2.2.9                         \u003e= 2.2.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache:\n\n* Dustin Kirkland reported that the mod_ssl module can leak memory\n  when the client reports support for a compression algorithm\n  (CVE-2008-1678). \n\n* sp3x of SecurityReason reported a Cross-Site Request Forgery\n  vulnerability in the balancer-manager in the mod_proxy_balancer\n  module (CVE-2007-6420). \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities by connecting to\nan Apache httpd, by causing an Apache proxy server to connect to a\nmalicious server, or by enticing a balancer administrator to connect to\na specially-crafted URL, resulting in a Denial of Service of the Apache\ndaemon. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.9\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2007-6420\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420\n  [ 2 ] CVE-2008-1678\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n  [ 3 ] CVE-2008-2364\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200807-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Web Server Reverse Proxy Denial of Service\n\nSECUNIA ADVISORY ID:\nSA35771\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35771/\n\nDESCRIPTION:\nA vulnerability has been reported in Hitachi Web Server, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to an unspecified error, which can be\nexploited to cause a high memory usage when the application is used as\na reverse proxy. \n\nPlease see the vendor\u0027s advisory for a full list of affected\nproducts. \n\nSOLUTION:\nUpdate to a fixed version. See vendor advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html\n\nOTHER REFERENCES:\nhttp://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nReferences: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "BID",
        "id": "29653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "db": "PACKETSTORM",
        "id": "74633"
      },
      {
        "db": "PACKETSTORM",
        "id": "69969"
      },
      {
        "db": "PACKETSTORM",
        "id": "72628"
      },
      {
        "db": "PACKETSTORM",
        "id": "68082"
      },
      {
        "db": "PACKETSTORM",
        "id": "79239"
      },
      {
        "db": "PACKETSTORM",
        "id": "82164"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-2364",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "29653",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "30621",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "31681",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-1798",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2780",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0320",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31651",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31026",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "32838",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "34259",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31416",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "32685",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "34219",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31904",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "34418",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "33156",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31404",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "33797",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "32222",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020267",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "35771",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-2364",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "74633",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69969",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "72628",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68082",
        "trust": 0.1
      },
      {
        "db": "HITACHI",
        "id": "HS09-009",
        "trust": 0.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001740",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "79239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82164",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "db": "BID",
        "id": "29653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "PACKETSTORM",
        "id": "74633"
      },
      {
        "db": "PACKETSTORM",
        "id": "69969"
      },
      {
        "db": "PACKETSTORM",
        "id": "72628"
      },
      {
        "db": "PACKETSTORM",
        "id": "68082"
      },
      {
        "db": "PACKETSTORM",
        "id": "79239"
      },
      {
        "db": "PACKETSTORM",
        "id": "82164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "id": "VAR-200705-0688",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.16451614
  },
  "last_update_date": "2024-07-23T19:37:40.957000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fixed in Apache httpd 2.0.64",
        "trust": 0.8,
        "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
      },
      {
        "title": "Fixed in Apache httpd 2.2.9",
        "trust": 0.8,
        "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.9"
      },
      {
        "title": "HT3216",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3216"
      },
      {
        "title": "HT3216",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3216?viewlocale=ja_jp"
      },
      {
        "title": "httpd-2.2.3-11.4.1AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=369"
      },
      {
        "title": "HS09-009",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs09-009/index.html"
      },
      {
        "title": "HPSBUX02365",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01539432"
      },
      {
        "title": "HPSBUX02401",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c01650939"
      },
      {
        "title": "HPSBUX02465",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01905287"
      },
      {
        "title": "7008517",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27008517"
      },
      {
        "title": "7007033",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27007033#60231"
      },
      {
        "title": "PM10658",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
      },
      {
        "title": "1366",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1366"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2013",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html"
      },
      {
        "title": "RHSA-2008:0967",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2008-0967.html"
      },
      {
        "title": "July 2013 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update"
      },
      {
        "title": "247666",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247666-1"
      },
      {
        "title": "HS09-009",
        "trust": 0.8,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs09-009/index.html"
      },
      {
        "title": "RHSA-2008:0967",
        "trust": 0.8,
        "url": "https://www.jp.redhat.com/support/errata/rhsa/rhsa-2008-0967j.html"
      },
      {
        "title": "TLSA-2008-24",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2008/tlsa-2008-24j.txt"
      },
      {
        "title": "interstage_as_201002",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201002.html"
      },
      {
        "title": "Red Hat: Moderate: httpd security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20080967 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Application Stack v2.2 security and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20080966 - security advisory"
      },
      {
        "title": "Ubuntu Security Notice: apache2 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-731-1"
      },
      {
        "title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2008-2364 "
      },
      {
        "title": "ReconScan",
        "trust": 0.1,
        "url": "https://github.com/rolisoft/reconscan "
      },
      {
        "title": "ReconScan",
        "trust": 0.1,
        "url": "https://github.com/gij03/reconscan "
      },
      {
        "title": "test",
        "trust": 0.1,
        "url": "https://github.com/issdp/test "
      },
      {
        "title": "ReconScan",
        "trust": 0.1,
        "url": "https://github.com/kira1111/reconscan "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dbutter/whitehat_public "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.securityfocus.com/bid/29653"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27008517"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30621"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-august/msg00153.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31416"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31404"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31026"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2008-august/msg00055.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1020267"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31651"
      },
      {
        "trust": 1.7,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31904"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:195"
      },
      {
        "trust": 1.7,
        "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk67579"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/31681"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht3216"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/32222"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/32685"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0967.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2008-0966.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:237"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/33156"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/33797"
      },
      {
        "trust": 1.7,
        "url": "http://wiki.rpath.com/wiki/advisories:rpsa-2008-0328"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/32838"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-731-1"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34259"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34219"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34418"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2008/2780"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/0320"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2008/1798"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42987"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9577"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6084"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11713"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/494858/100/0/threaded"
      },
      {
        "trust": 1.4,
        "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2364"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/1798"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2364"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/30621/"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
      },
      {
        "trust": 0.6,
        "url": "httpd/trunk/modules/proxy/mod_proxy_"
      },
      {
        "trust": 0.6,
        "url": "http://svn.apache.org/viewvc/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
      },
      {
        "trust": 0.3,
        "url": "http://httpd.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "http://httpd.apache.org/docs/2.0/mod/mod_proxy_http.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apache.org/dist/httpd/changes_2.2.9"
      },
      {
        "trust": 0.3,
        "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/changes?r1=666154\u0026r2=666153\u0026pathrev=666154"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
      },
      {
        "trust": 0.3,
        "url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2008-0966.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2f960f9e1d5d7811786257655003c8e7a"
      },
      {
        "trust": 0.3,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247666-1"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201002e.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
      },
      {
        "trust": 0.2,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/770.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2008-2364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2008:0967"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/731-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6420"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35771/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-001740.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs09-009/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "db": "BID",
        "id": "29653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "PACKETSTORM",
        "id": "74633"
      },
      {
        "db": "PACKETSTORM",
        "id": "69969"
      },
      {
        "db": "PACKETSTORM",
        "id": "72628"
      },
      {
        "db": "PACKETSTORM",
        "id": "68082"
      },
      {
        "db": "PACKETSTORM",
        "id": "79239"
      },
      {
        "db": "PACKETSTORM",
        "id": "82164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "db": "BID",
        "id": "29653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "db": "PACKETSTORM",
        "id": "74633"
      },
      {
        "db": "PACKETSTORM",
        "id": "69969"
      },
      {
        "db": "PACKETSTORM",
        "id": "72628"
      },
      {
        "db": "PACKETSTORM",
        "id": "68082"
      },
      {
        "db": "PACKETSTORM",
        "id": "79239"
      },
      {
        "db": "PACKETSTORM",
        "id": "82164"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "date": "2008-06-10T00:00:00",
        "db": "BID",
        "id": "29653"
      },
      {
        "date": "2008-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "date": "2009-02-04T18:45:10",
        "db": "PACKETSTORM",
        "id": "74633"
      },
      {
        "date": "2008-09-14T20:14:59",
        "db": "PACKETSTORM",
        "id": "69969"
      },
      {
        "date": "2008-12-04T22:31:41",
        "db": "PACKETSTORM",
        "id": "72628"
      },
      {
        "date": "2008-07-10T08:16:33",
        "db": "PACKETSTORM",
        "id": "68082"
      },
      {
        "date": "2009-07-15T07:11:45",
        "db": "PACKETSTORM",
        "id": "79239"
      },
      {
        "date": "2009-10-23T18:14:28",
        "db": "PACKETSTORM",
        "id": "82164"
      },
      {
        "date": "2007-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "date": "2008-06-13T18:41:00",
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-2364"
      },
      {
        "date": "2015-04-13T21:30:00",
        "db": "BID",
        "id": "29653"
      },
      {
        "date": "2014-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      },
      {
        "date": "2023-02-13T02:19:06.543000",
        "db": "NVD",
        "id": "CVE-2008-2364"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "69969"
      },
      {
        "db": "PACKETSTORM",
        "id": "72628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache HTTP Server of  ap_proxy_http_process_response() Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-001453"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200806-186"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-2364 (GCVE-0-2008-2364)

RHSA-2010_0602

VAR-200705-0688

CVSS 2.0 Base Metrics

HP-UX B.11.11

HP-UX B.11.23

HP-UX B.11.31

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature